Security Incidents mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Strange scan on 1433

From: "Jason Robertson" <jason () ifuture com>
Date: Tue, 21 May 2002 12:25:04 -0400
Here's an interesting article about it..

Jason

http://www.incidents.org/diary/diary.php?id=156

On 21 May 2002 at 16:30, dr john halewood wrote:

From:                   dr john halewood <john () frumious unidec co uk>
Organization:           unidentified sloths
To:                     incidents () securityfocus com
Subject:                Re: Strange scan on 1433
Date sent:              Tue, 21 May 2002 16:30:01 +0100
Mailer:                 KMail [version 1.3.2]


On Tuesday 21 May 2002 2:38 pm, Pavel Lozhkin wrote:

I got a lot of scans today on port 1433 from numerous nets (part of them
are .jp and .kr, but not all)
Does anyone know what they're looking for on the port ?
I've never been scanned on the port before.


 I'm getting a lot of these as well. 1433 is the Microsoft SQL server port. 
There's a number of tools doing the rounds at the moment looking for the all 
too common ms-sql servers with blank sa (database admin) passwords, as well 
as a few that exploit vulnerabilities in unpatched servers.

cheers
john


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com








----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com
Previous By Date Next
Previous By Thread Next

Current thread: