Security Incidents mailing list archives

Previous By Date Next
Previous By Thread Next

Re: port 1433?

From: jason () WITTYS COM (Jason Witty)
Date: Tue, 27 Jun 2000 08:04:21 -0500


Fromhttp://www.wittys.com/files/all-ip-numbers.txt :


ms-sql-s        1433/tcp   Microsoft-SQL-Server
ms-sql-s        1433/udp   Microsoft-SQL-Server
ms-sql-m        1434/tcp   Microsoft-SQL-Monitor
ms-sql-m        1434/udp   Microsoft-SQL-Monitor
#                          Peter Hussey <peterhus () microsoft com>

Microsoft SQL.  Someone was firing up an SQL client against your machine
- probably a typo (unless you run MS-SQL on your DNS server!)  The
incemental source port numbers would be correct for this situation.
Hope this helps!

Jason

Sir Scriptzalot wrote:


Dear all,

Can anyone interpret this "attack" or seen something
similar? What service runs on port 1433 and note the
almost +1 incremental nature of the ports on the remote host.

Thanks
Max

              remote host   rport   ourhost             dport
Jun 23 10:40|216.46.247.224|4135|dns-server.ourhost.com|1433
Jun 23 10:40|216.46.247.224|4134|dns-server.ourhost.com|1433
Jun 23 10:40|216.46.247.224|4135|dns-server.ourhost.com|1433
Jun 23 10:40|216.46.247.224|4134|dns-server.ourhost.com|1433
Jun 23 10:40|216.46.247.224|4138|dns-server.ourhost.com|1433
Jun 23 10:40|216.46.247.224|4135|dns-server.ourhost.com|1433
Jun 23 10:40|216.46.247.224|4138|dns-server.ourhost.com|1433
Jun 23 10:40|216.46.247.224|4139|dns-server.ourhost.com|1433
Jun 23 10:40|216.46.247.224|4139|dns-server.ourhost.com|1433
Jun 23 10:40|216.46.247.224|4138|dns-server.ourhost.com|1433
Jun 23 10:40|216.46.247.224|4140|dns-server.ourhost.com|1433
Jun 23 10:40|216.46.247.224|4139|dns-server.ourhost.com|1433
Jun 23 10:40|216.46.247.224|4140|dns-server.ourhost.com|1433

Max Steel
Omega-Xpress

________________________________________________________________________
Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com
Previous By Date Next
Previous By Thread Next

Current thread: