Security Incidents mailing list archives

RE: Strange scan on 1433

From: "Deus, Attonbitus" <Thor () HammerofGod com>
Date: Tue, 21 May 2002 10:01:48 -0700


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

At 08:23 AM 5/21/2002, David LaPorte wrote:

They're looking for MS-SQL servers with blank/default sa passwords that are
missing the MS02-020 patch:

http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/
bulletin/MS02-020.asp


Others have mentioned the MS02-020 bulletin...  The BO referenced requires 
authenticated access to the box- thus the checks for blank SA.  But, of 
course, if you have a blank SA, there isn't really much point in worrying 
about the overflow.


-----BEGIN PGP SIGNATURE-----
Version: PGP 7.1

iQA/AwUBPOp9fIhsmyD15h5gEQJQ0gCgv3ezP4Scr211WsfhlaSZvtFlcogAnjqR
YWWw6fbXaVhN1dF+JA22yQLC
=/hkB
-----END PGP SIGNATURE-----


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

Current thread:

Strange scan on 1433 Pavel Lozhkin (May 21)
- Re: Strange scan on 1433 dr john halewood (May 21)
  - Re: Strange scan on 1433 Jason Robertson (May 21)
- RE: Strange scan on 1433 David LaPorte (May 21)
  - RE: Strange scan on 1433 Deus, Attonbitus (May 21)
  - RE: Strange scan on 1433 Blake Frantz (May 21)
    - Re: Strange scan on 1433 George Bakos (May 21)
    - Worms and CScript/WScript Blake Frantz (May 21)
    - Re: Worms and CScript/WScript Ryan Russell (May 21)
    - RE: Worms and CScript/WScript Michael Wright (May 21)
    - RE: Worms and CScript/WScript Nick FitzGerald (May 22)
    - RE: Worms and CScript/WScript Richard H. Cotterell (May 26)
    - RE: Worms and CScript/WScript Nick FitzGerald (May 27)
    - RE: Worms and CScript/WScript Richard H. Cotterell (May 28)
- RE: Strange scan on 1433 Ken Pfeil (May 21)

(Thread continues...)