[Dshield] Veritas Backup Exec Scanning

Blake McNeill mcneillb at LinkLogger.com
Thu Jun 30 05:30:24 GMT 2005


PortPeeker capture of the attack attempt at
http://www.linklogger.com/TCP10000Capture.htm

Seeing more and more of these.

Blake

-----Original Message-----
From: list-bounces at lists.dshield.org [mailto:list-bounces at lists.dshield.org]
On Behalf Of TRushing at hollandco.com
Sent: Monday, June 27, 2005 9:55 AM
To: General DShield Discussion List
Subject: Re: [Dshield] Veritas Backup Exec Scanning

What I find particularly interesting in looking at the Dshield port 
history for the Veritas vulnerability

http://www.dshield.org/port_report.php?port=10000&recax=1&tarax=2&srcax=2&percent=N&days=40&Redraw=

is that for the most part, targets are in the double (and sometimes 
triple) digits until the scans began to pick up after the notice came out 
late last week.

However, on 28 May, there are 25 source machines scanning nearly 50,000 
hosts.  That really stands out.  I imagine that it would be easy for 
Johannes or someone to look at those 25 source IPs and determine whether 
that was the vendor or discoverer checking to see how widespread the 
problem was or if it was something else.  If we do end up with a worm out 
of this, I imagine those 25 addresses should get some closer scrutiny.

Tim Rushing
The Holland Company
