Security Incidents mailing list archives

Previous By Date Next
Previous By Thread Next

Re: SQL port probe repeats

From: "David Barnett" <dbarn064 () earthlink net>
Date: Sun, 23 Jun 2002 09:54:04 -0500
I have seen similiar activity from a couple of IPs from France. They had
broken into a computer of a company I was doing a vuln assessment on and set
up an ftp server to share movies and software.
SQL port probes were seen also. This was on Saturday and I have yet to get
access to all log files.
david b
----- Original Message -----
From: "Harlan S. Barney, Jr." <hsbarney () nycap rr com>
To: <incidents () securityfocus com>
Sent: Saturday, June 22, 2002 8:34 PM
Subject: Re: SQL port probe repeats



After about 250 SQL port probes to my workstation without a repeat of
source IP, I have found two repeats in the last week.  One was from
Korea, the other from the USA.

Maybe someone cleaned the two systems but did not secure them properly.

I have also noted that in March I had a SQL port probe followed by an
FTP port probe from the same source in France.

--------------------------------------------------------------------------

--

This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com






----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com
Previous By Date Next
Previous By Thread Next

Current thread: