[unisog] Tcp/6101 spike

Andreas Östling andreaso at it.su.se
Sat Jan 8 14:33:42 GMT 2005

On Sat, 8 Jan 2005, Kees Leune wrote:

> Hi,
> I've been seeing spikes on tcp/6101 probes since yesterday or so. Haven't been
> able to capture packets yet. Any ideas what is causing this? The sans port
> graph at http://isc.sans.org/port_details.php?port=6101 seems to confirm my
> observation.


My guess is that they're looking for machines running a vulnerable version 
of Veritas Backup Exec Agent Browser:

Metasploit has an exploit for it:


More information about the unisog mailing list