Security Incidents mailing list archives
RE: Windows Systems Defaced
From: H C <keydet89 () yahoo com>
Date: Fri, 3 May 2002 05:28:29 -0700 (PDT)
The above commands were directed to systems that were listening on port 1433/tcp and accessible from the outside.
The commands in question are attempts to execute stored procedures in MS SQL.
At this time, I am not completely clear on how to protect from this attack.
1. Block port 1433 at the router/firewall. 2. Use a strong 'sa' password. 3. Remove or restrict access to the stored procedure.
but does anyone on this list know if this is a safe and effective solution?
It most definitely is. We have a particular architecture, w/ SQL, and we've done what you've described, and have had no problems whatsoever. __________________________________________________ Do You Yahoo!? Yahoo! Health - your guide to health and wellness http://health.yahoo.com ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- Windows Systems Defaced Steve Zenone (May 02)
- <Possible follow-ups>
- Re: Windows Systems Defaced Stephen W. Thompson (May 02)
- RE: Windows Systems Defaced Steve Zenone (May 02)
- RE: Windows Systems Defaced H C (May 03)
- RE: Windows Systems Defaced Brenna Primrose (May 03)
- RE: Windows Systems Defaced Johannes B. Ullrich (May 03)
- Windows Systems Defaced/destroyed, plus Port 3389 attacks Bukys, Liudvikas (May 13)
- RE: Windows Systems Defaced Steve Zenone (May 02)