Security Incidents mailing list archives
Re: SQL port probe repeats
From: "David Barnett" <dbarn064 () earthlink net>
Date: Sun, 23 Jun 2002 09:54:04 -0500
I have seen similiar activity from a couple of IPs from France. They had broken into a computer of a company I was doing a vuln assessment on and set up an ftp server to share movies and software. SQL port probes were seen also. This was on Saturday and I have yet to get access to all log files. david b ----- Original Message ----- From: "Harlan S. Barney, Jr." <hsbarney () nycap rr com> To: <incidents () securityfocus com> Sent: Saturday, June 22, 2002 8:34 PM Subject: Re: SQL port probe repeats
After about 250 SQL port probes to my workstation without a repeat of source IP, I have found two repeats in the last week. One was from Korea, the other from the USA. Maybe someone cleaned the two systems but did not secure them properly. I have also noted that in March I had a SQL port probe followed by an FTP port probe from the same source in France. --------------------------------------------------------------------------
--
This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- port 32814 Brian Collins (Jun 22)
- Re: SQL port probe repeats Harlan S. Barney, Jr. (Jun 22)
- Re: SQL port probe repeats David Barnett (Jun 23)
- Re: SQL port probe repeats Harlan S. Barney, Jr. (Jun 22)