| subject: | Re: Backup software |
From: "Geo"
That's a small help but it's not going to make much difference. Allow me to explain.
Virus/worm writers target processes that a lot of machines have in common,
even stuff like SQL Server and phpBB which you wouldn't think are real
common have been targets. Well imagine the thrill of a virus writer who
gets the idea that thousands upon thousands of corporate desktop computers
have the same backup agent installed.. (how many backup exec agents would
you suppose are installed worldwide?)
SqlSlammer got behind firewall and router blocks by using spoofed UDP
traffic, the traffic would hit a Cisco router and instead of being routed
out one route it fragmented and went out all interfaces because it was not
constructed to the standards (something virus writers love to do). A router
set to block 1433 would not have protected you for the simple reason that
you are counting on the traffic being constructed according to a set of
rules, rules that the virus writers break for a living..
The only really safe way to do agents is to have the agent start at a
specific time when the backup server is scheduled to backup that machine
and then have the agent shut down once the backup is complete, this at
least minimizes the number of exposed agents you have at any one time. That
and when the agent is installed it should limit access to its port to just
the IP of the backup server. That would help too.
Course now that Symantec owns BE I don't suppose that will happen because
if machines are secure then the viruses are not that much of a threat and so
it's harder to sell AV software... and well.. you can see the motivation is
all wrong here.
Geo.
"Robert Comer" wrote in
message news:41c97ad9{at}w3.nls.net...
> That's why I block the backup agent at my outside router level...
>
> - Bob Comer
>
>
> "Geo" wrote in message
> news:41c957ae$1{at}w3.nls.net...
> > It doesn't matter what they call it, it wanted a machine name which means
> > the stupid thing has opened itself up to access from the network.
> >
> > I don't know if you remember about 6 months ago I posed the question here
> > as to whether anyone had tried to hack a backup agent? Well I went to the
> > security lists and asked the same question and got several responses from
> > guys who had and who convinced me that backup software would be the next
> > way to exploit systems since it has access to everything and since they
> > said it was obvious the backup people never even considered security..
> >
> > Geo.
> >
> > "Glenn Meadows" wrote in message
> > news:41c8cb99$1{at}w3.nls.net...
> >> Maybe it considers ANY drive, or collection of drives a "media server".
> >>
> >> Mine does that each time it starts up, but there is only one drive in the
> >> machine to backup to. A generic term used to describe the backup
> >> destination? A Media Server of "1"?
> >>
> >> --
> >> Glenn M.
> >
> >
> >
>
>
--- BBBS/NT v4.01 Flag-5
* Origin: Barktopia BBS Site http://HarborWebs.com:8081 (1:379/45)
SOURCE: echomail via fidonet.ozzmosis.com
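The two mitigations Geo describes in the message above (the agent only serves connections during the scheduled backup window, and only from the backup server's IP) can be written as a default-deny accept gate. This is an added example, not part of the original thread and not code from any backup product; the names AgentPolicy, in_window, normalise and should_accept, the addresses, and the window times are all hypothetical.

```python
"""Accept gate for a backup agent listener (illustrative; all names are hypothetical)."""
import ipaddress
from dataclasses import dataclass
from datetime import datetime, time


@dataclass(frozen=True)
class AgentPolicy:
    backup_server: str   # the only peer allowed to reach the agent port
    window_start: time   # local time the scheduled backup begins
    window_end: time     # local time by which the agent is shut down again


def in_window(now: time, start: time, end: time) -> bool:
    """True if now is in [start, end); handles windows that cross midnight."""
    if start <= end:
        return start <= now < end
    return now >= start or now < end


def normalise(peer: str):
    """Parse a peer address; unwrap IPv4-mapped IPv6 as seen on dual-stack sockets."""
    addr = ipaddress.ip_address(peer)
    mapped = getattr(addr, "ipv4_mapped", None)  # only IPv6Address has this
    return mapped or addr


def should_accept(peer: str, when: datetime, policy: AgentPolicy) -> tuple[bool, str]:
    """Decide whether the agent should serve this connection; default is deny."""
    if not in_window(when.time(), policy.window_start, policy.window_end):
        return False, "outside backup window"
    try:
        addr = normalise(peer)
    except ValueError:
        return False, "unparseable peer address"
    if addr != ipaddress.ip_address(policy.backup_server):
        return False, "peer is not the backup server"
    return True, "ok"


# Constructed sample policy and connection attempts (documentation-range addresses).
POLICY = AgentPolicy("192.0.2.10", time(23, 30), time(1, 0))
if __name__ == "__main__":
    for peer, ts in [("192.0.2.10", "2024-01-10T23:45:00"),
                     ("::ffff:192.0.2.10", "2024-01-11T00:30:00"),
                     ("198.51.100.7", "2024-01-10T23:45:00"),
                     ("192.0.2.10", "2024-01-10T14:00:00")]:
        print(peer, ts, should_accept(peer, datetime.fromisoformat(ts), POLICY))
```

A check like this runs after accept(), so the port is still reachable at the network level while the agent is up; a host firewall rule for the same peer address would complement it. The source-address comparison only carries weight on an established TCP connection, since a UDP source address can be spoofed.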