More Veritas Backup Exec fun / The search for open relays continues / Santy still running around making trouble / Mailbag

Published: 2005-01-14
Last Updated: 2005-01-15 11:44:56 UTC
by Greg Shipley (Version: 1)
0 comment(s)
More Veritas Backup Exec fun

We continue to receive reports of probes that appear to be looking for the
Veritas Backup Exec vulnerability. Initial probe spikes showed up at port
6101, but we've been told by Erik Fichtner that recent versions of Backup
Exec have agents also running at tcp 10000. Regardless, make sure your
organization is patched!

For those looking to move ports around, have a look at:
http://seer.support.veritas.com/docs/255498.htm

The search for open relays continues

Reports of open (web) proxy scanning continue to come in. Organizations
are reminded to keep an eye on their proxy and mail servers, as even
security-conscious administrators sometimes fat-finger configurations and
open up the door for future problems. (This handler certainly has had his
fair share!) Checking the relay capabilites of your own infrastructure
from time to time isn't a bad idea!

Santy still running around making trouble

The phpBB Santy worm continues to make its rounds. While quite tame
compared to the Internet's heavier hitting malware, some interesting stats
pertaining to Santy's progress can be found here for anyone who is
curious:

http://www.websensesecuritylabs.com/alerts/alert.php?AlertID=112

Mailbag

Brian Marino had problems with Cisco ACLs (Access Control List) not
stopping malicious fragmented UDP packets. While his ACLs looked ok, we
figured out he was running into some known issues over at Cisco.

We thought many more would enjoy the URL for the Cisco white paper on how
ACLs work:

http://www.cisco.com/en/US/tech/tk827/tk369/technologies_white_paper09186a00800949b8.shtml

--

Edited by Swa Frantzen, for Greg Shipley. Wishing him some sound sleep after a very busy day.
Keywords:
0 comment(s)

Comments


Diary Archives