[unisog] Tcp/6101 spike

Andreas Östling andreaso at it.su.se
Sat Jan 8 14:33:42 GMT 2005


On Sat, 8 Jan 2005, Kees Leune wrote:

> Hi,
> 
> I've been seeing spikes on tcp/6101 probes since yesterday or so. Haven't been
> able to capture packets yet. Any ideas what is causing this? The sans port
> graph at http://isc.sans.org/port_details.php?port=6101 seems to confirm my
> observation.

Hello,

My guess is that they're looking for machines running a vulnerable version 
of Veritas Backup Exec Agent Browser:
http://www.idefense.com/application/poi/display?id=169&type=vulnerabilities

Metasploit has an exploit for it:
http://www.metasploit.com/archive/framework/msg00036.html

/Andreas



More information about the unisog mailing list