|
Tina, It is quite interesting that I am still observing this behavior, therefore I am not sure if they fixed the phone home problem..It generates quite bit of messages attempting to contact home. On Thu, 15 Apr 1999, Tina Bird wrote: > Wow, Ryan, now you've reminded me. It was never a released version > of ARCserve, it was an early beta that wanted to contact home to > dump debugging information. It was running on about half of the > NT servers at my old job, and generating millions of firewall alarms > (okay, that might be an exaggeration) until I managed to convince the > LAN administrators that it had >something< to do with backups. > > >From the Cheyenne/CAI Web site: > > TECHNOTE: What Port and Socket numbers are used by the NT Agent? > > Date: October 10, 1996 > Product: ARCserve > Platform: Windows NT > Version: 2.x / 6.x > > Port and Socket numbers used by the NT Agent: > TCP and UDP : Port Number : 6050 > IPX and SPX: Socket Number: 0x1687 (5767) > > NOTE: Upgrade your ARCserve versions 2.x and 6.0 for Windows NT to > version 6.5 for Windows NT. ARCserve 6.5 addresses issues and adds > feature enhancements and performance benefits. > > Upgrading the ARCserve agent software to a released version took > care of the "phone home" issue. > > Cheers -- tbird >Has anyone seen or heard of an vulnerability/attack with a source port of >6050 and with a destination port 5767 and with a destination address of > >141.1.19.215 -according to nslookup DNS name is: >Please.contact.Cheyenne.for.complains