
SANS ISC: More Veritas Backup Exec fun / The search for open relays continues / Santy still running around making trouble / Mailbag - Internet Security | DShield SANS ISC InfoSec Forums


More Veritas Backup Exec fun

We continue to receive reports of probes that appear to be looking for the
Veritas Backup Exec vulnerability. Initial probe spikes showed up at port
6101, but we've been told by Erik Fichtner that recent versions of Backup
Exec have agents also running at tcp 10000. Regardless, make sure your
organization is patched!

For those looking to move ports around, have a look at:
http://seer.support.veritas.com/docs/255498.htm

The search for open relays continues

Reports of open (web) proxy scanning continue to come in. Organizations
are reminded to keep an eye on their proxy and mail servers, as even
security-conscious administrators sometimes fat-finger configurations and
open up the door for future problems. (This handler certainly has had his
fair share!) Checking the relay capabilities of your own infrastructure
from time to time isn't a bad idea!
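
One way to run that periodic relay check against a mail server you operate, as an added example that is not part of the original diary. The probe addresses are placeholders on reserved example domains, and the function names are this example's own; only the SMTP envelope is exchanged, so no message is ever sent.

```python
import smtplib

# Placeholder addresses on reserved example domains (assumptions, not from the diary).
PROBE_SENDER = "relay-audit@example.org"
PROBE_RCPT = "relay-audit@example.net"


def classify(rcpt_code):
    """Map the reply to RCPT TO for a foreign recipient to a verdict."""
    if 200 <= rcpt_code < 300:
        return "OPEN"          # accepted a recipient in a domain it does not host
    if 400 <= rcpt_code < 500:
        return "INCONCLUSIVE"  # temporary failure (e.g. greylisting); retry later
    return "CLOSED"            # 5xx: relaying denied


def check_relay(session, sender=PROBE_SENDER, rcpt=PROBE_RCPT):
    """Run the envelope phase only; DATA is never issued.

    `session` is a connected smtplib.SMTP, or any object offering the same
    ehlo_or_helo_if_needed/mail/rcpt/rset methods.
    """
    session.ehlo_or_helo_if_needed()
    code, reply = session.mail(sender)
    if not 200 <= code < 300:
        # The foreign sender was refused before any recipient was offered.
        return ("INCONCLUSIVE" if code < 500 else "CLOSED"), code, reply
    code, reply = session.rcpt(rcpt)
    session.rset()  # abandon the transaction so nothing is queued
    return classify(code), code, reply


def audit(host, port=25, timeout=10):
    """Test one of your own servers; run it from a network outside your own."""
    with smtplib.SMTP(host, port, timeout=timeout) as session:
        verdict, code, reply = check_relay(session)
    return verdict, code, reply.decode(errors="replace")


if __name__ == "__main__":
    import sys
    print(audit(sys.argv[1]))
```

Run it from an address the server does not already trust, since internal clients are often allowed to relay by design. An "OPEN" verdict means the server accepted the recipient at the envelope stage and its relay rules need a closer look; some servers only reject after DATA.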

Santy still running around making trouble

The phpBB Santy worm continues to make its rounds. While quite tame
compared to the Internet's heavier hitting malware, some interesting stats
pertaining to Santy's progress can be found here for anyone who is
curious:

http://www.websensesecuritylabs.com/alerts/alert.php?AlertID=112

Mailbag

Brian Marino had problems with Cisco ACLs (Access Control Lists) not
stopping malicious fragmented UDP packets. While his ACLs looked OK, we
figured out he was running into some known issues over at Cisco.

We thought many more would enjoy the URL for the Cisco white paper on how
ACLs work:

http://www.cisco.com/en/US/tech/tk827/tk369/technologies_white_paper09186a00800949b8.shtml

--

Edited by Swa Frantzen, for Greg Shipley. Wishing him some sound sleep after a very busy day.