Home : Back

Port ARCserve

	Tina,

	It is quite interesting that I am still observing this behavior, therefore
	I am not sure if they fixed the phone home problem..It generates quite bit
	of messages attempting to contact home.


	 On Thu, 15 Apr 1999, Tina Bird
	wrote:

	> Wow, Ryan, now you've reminded me.  It was never a released version
	> of ARCserve, it was an early beta that wanted to contact home to
	> dump debugging information.  It was running on about half of the 
	> NT servers at my old job, and generating millions of firewall alarms 
	> (okay, that might be an exaggeration) until I managed to convince the
	> LAN administrators that it had >something< to do with backups.
	> 
	> >From the Cheyenne/CAI Web site:
	> 
	> TECHNOTE: What Port and Socket numbers are used by the NT Agent? 
	> 
	>  Date: October 10, 1996 
	>  Product: ARCserve 
	>  Platform: Windows NT 
	>  Version: 2.x / 6.x 
	> 
	>  Port and Socket numbers used by the NT Agent:
	>  TCP and UDP : Port Number : 6050
	>  IPX and SPX: Socket Number: 0x1687 (5767)
	> 
	> NOTE: Upgrade your ARCserve versions 2.x and 6.0 for Windows NT to 
	> version 6.5 for Windows NT.  ARCserve 6.5 addresses issues and adds 
	> feature enhancements and performance benefits.
	> 
	> Upgrading the ARCserve agent software to a released version took
	> care of the "phone home" issue.
	> 
	> Cheers -- tbird

	>Has anyone seen or heard of an vulnerability/attack with a source port of
	>6050 and with a destination port 5767 and with a destination address of
	>
	>141.1.19.215 -according to nslookup DNS name is:
	>Please.contact.Cheyenne.for.complains