Re: Veritas BackupExec (remote DoS)
Also confirmed with the BackupExec Mac and UNIX (Solaris at least) agents. Corroborated Win9x and Linux. > Hi, > > I can verify that this problem exists also on the Win9x agents, I couldnt figure out >why the agents on our network kept crashing every sunday, and eventually I > figured out that this was about the time that I had weekly portscans scheduled. > > I spoke with Veritas tech support - but nothing was ever done about it. > > Jason Griffiths > > > - Original Message - > From: Jonah Kowall > To: [EMAIL PROTECTED] > Sent: Monday, January 15, 2001 12:57 PM > Subject: Re: Veritas BackupExec (remote DoS) > > Doesn't the agent only work on backup exec enterprise editions? That's what >I'm using it with. If you tell them you are using the enterprise edition, maybe you > can get a different response? Tell them you are evaluating it if need be. > > I have connected to it, and disconnected, and I didn't see it stop responding. >I have also opened 3 separate connections, and found it took all three > simultaneously. > > Backup Exec -- Unix Agent, Version 5.01 Revision 5.023 > Copyright 1999 VERITAS Software Corporation. All Rights Reserved. > > This is the version of the Linux agent I am running on redhat 6.2. > > > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] > Sent: Monday, January 15, 2001 8:25 AM > To: [EMAIL PROTECTED] > Subject: Veritas BackupExec (remote DoS) > > > Hello, > > I am using Backup system from Veritas Software (http://www.veritas.com/) > and its Linux agent. That agent is listening TCP-socket (8192 in my > system) and if someone makes connection to that socket, but do not send > anything to it, the agent hangs forever, even if you close that > connection. For example portscanners make it to hang. > > I think that the problem is that the software is not using select() > function calls before read() calls and it is not using threads either. > > I reported that to the Veritas and they replied "Unfortunately our Backup > Exec Desktop Products do not support backing up Linux machines. I'm > afraid we would be unable to assist you in this instance, however > thank you for your interest." > > -- > Ari Saastamoinen > [EMAIL PROTECTED] -- Matthew Keller WebMaster, Interim Network Manager & Host Systems Analyst Computing & Technology Services Information Services Division State University of New York at Potsdam Website: http://mattwork.potsdam.edu/ PGP: http://mattwork.potsdam.edu/crypto/
Re: Veritas BackupExec (remote DoS)
Title: RE: Veritas BackupExec (remote DoS) Hi, I can verify that this problem exists also on the Win9x agents, I couldnt figure out why the agents on our network kept crashing every sunday, and eventually I figured out that this was about the time that I had weekly portscans scheduled. I spoke with Veritas tech support - but nothing was ever done about it. Jason Griffiths - Original Message - From: Jonah Kowall To: [EMAIL PROTECTED] Sent: Monday, January 15, 2001 12:57 PM Subject: Re: Veritas BackupExec (remote DoS) Doesn't the agent only work on backup exec enterprise editions? That's what I'm using it with. If you tell them you are using the enterprise edition, maybe you can get a different response? Tell them you are evaluating it if need be. I have connected to it, and disconnected, and I didn't see it stop responding. I have also opened 3 separate connections, and found it took all three simultaneously. Backup Exec -- Unix Agent, Version 5.01 Revision 5.023 Copyright 1999 VERITAS Software Corporation. All Rights Reserved. This is the version of the Linux agent I am running on redhat 6.2. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Monday, January 15, 2001 8:25 AM To: [EMAIL PROTECTED] Subject: Veritas BackupExec (remote DoS) Hello, I am using Backup system from Veritas Software (http://www.veritas.com/) and its Linux agent. That agent is listening TCP-socket (8192 in my system) and if someone makes connection to that socket, but do not send anything to it, the agent hangs forever, even if you close that connection. For example portscanners make it to hang. I think that the problem is that the software is not using select() function calls before read() calls and it is not using threads either. I reported that to the Veritas and they replied "Unfortunately our Backup Exec Desktop Products do not support backing up Linux machines. I'm afraid we would be unable to assist you in this instance, however thank you for your interest." -- Ari Saastamoinen [EMAIL PROTECTED]
Re: Veritas BackupExec (remote DoS)
> Hello, > > I am using Backup system from Veritas Software > (http://www.veritas.com/) > and its Linux agent. That agent is listening TCP-socket (8192 in my > system) and if someone makes connection to that socket, but > do not send > anything to it, the agent hangs forever, even if you close that > connection. For example portscanners make it to hang. I reported this to Bugtraq in the Summer of 98, and it still hasn't been fixed. For about 8 months after that, a Seagate (the previous owner of BackupExec) rep would email me every 2 weeks stating that it would be fixed in a future version. It looks like it still hasn't been fixed. This will work on any of the desktop agents (I've tested AIX, Solaris and win95). Mike
Re: Veritas BackupExec (remote DoS)
Title: RE: Veritas BackupExec (remote DoS) Doesn't the agent only work on backup exec enterprise editions? That's what I'm using it with. If you tell them you are using the enterprise edition, maybe you can get a different response? Tell them you are evaluating it if need be. I have connected to it, and disconnected, and I didn't see it stop responding. I have also opened 3 separate connections, and found it took all three simultaneously. Backup Exec -- Unix Agent, Version 5.01 Revision 5.023 Copyright 1999 VERITAS Software Corporation. All Rights Reserved. This is the version of the Linux agent I am running on redhat 6.2. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Monday, January 15, 2001 8:25 AM To: [EMAIL PROTECTED] Subject: Veritas BackupExec (remote DoS) Hello, I am using Backup system from Veritas Software (http://www.veritas.com/) and its Linux agent. That agent is listening TCP-socket (8192 in my system) and if someone makes connection to that socket, but do not send anything to it, the agent hangs forever, even if you close that connection. For example portscanners make it to hang. I think that the problem is that the software is not using select() function calls before read() calls and it is not using threads either. I reported that to the Veritas and they replied "Unfortunately our Backup Exec Desktop Products do not support backing up Linux machines. I'm afraid we would be unable to assist you in this instance, however thank you for your interest." -- Ari Saastamoinen [EMAIL PROTECTED]
Veritas BackupExec (remote DoS)
Hello, I am using Backup system from Veritas Software (http://www.veritas.com/) and its Linux agent. That agent is listening TCP-socket (8192 in my system) and if someone makes connection to that socket, but do not send anything to it, the agent hangs forever, even if you close that connection. For example portscanners make it to hang. I think that the problem is that the software is not using select() function calls before read() calls and it is not using threads either. I reported that to the Veritas and they replied "Unfortunately our Backup Exec Desktop Products do not support backing up Linux machines. I'm afraid we would be unable to assist you in this instance, however thank you for your interest." -- Ari Saastamoinen [EMAIL PROTECTED]