Re: Backup Agents

From: Pavel Kankovsky (peakat_private)
Date: Mon Mar 24 2003 - 14:35:06 PST

Next message: Marco Ivaldi: "Re: Automatic discovery of shellcode address"

Previous message: D.C. van Moolenbroek: "Re: ptrace in linux kernel"
In reply to: Geo.: "Backup Agents"
Next in thread: Scott Harrington: "RE: Backup Agents"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, 20 Mar 2003, Geo. wrote:

> [...] so I was wondering if anyone had ever researched how secure the
> connection between a backup server and a machine running a backup
> agent is. [...]

Some superficial observation I made regarding two "enterprise" backup
systems (I will call them A and B) a while ago:

1. Agent A: connection not encrypted, the agent insists on getting the
root's password in plaintext (!) from the server.

2. Agent B: connection not encrypted, based on Sun RPC, using the weak
Unix authentication perhaps "strengthened" with the check of the peer's
IP address.

--Pavel Kankovsky aka Peak  [ Boycott Microsoft--http://www.vcnet.com/bms ]
"Resistance is futile. Open your source code and prepare for assimilation."

Next message: Marco Ivaldi: "Re: Automatic discovery of shellcode address"
Previous message: D.C. van Moolenbroek: "Re: ptrace in linux kernel"
In reply to: Geo.: "Backup Agents"
Next in thread: Scott Harrington: "RE: Backup Agents"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Mon Mar 24 2003 - 14:58:42 PST