Security Incidents mailing list archives

RE: Windows Systems Defaced

From: H C <keydet89 () yahoo com>
Date: Fri, 3 May 2002 05:28:29 -0700 (PDT)

The above commands were directed to systems that
were listening on
port 1433/tcp and accessible from the outside.


The commands in question are attempts to execute
stored procedures in MS SQL.

At this time, I am not completely clear on how to
protect from this attack.


1.  Block port 1433 at the router/firewall.
2.  Use a strong 'sa' password.
3.  Remove or restrict access to the stored procedure.

but does anyone on this list know if
this is a safe and effective solution?


It most definitely is.  We have a particular
architecture, w/ SQL, and we've done what you've
described, and have had no problems whatsoever.


__________________________________________________
Do You Yahoo!?
Yahoo! Health - your guide to health and wellness
http://health.yahoo.com

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

Current thread:

Windows Systems Defaced Steve Zenone (May 02)
- <Possible follow-ups>
- Re: Windows Systems Defaced Stephen W. Thompson (May 02)
  - RE: Windows Systems Defaced Steve Zenone (May 02)
    - RE: Windows Systems Defaced H C (May 03)
    - RE: Windows Systems Defaced Brenna Primrose (May 03)
    - RE: Windows Systems Defaced Johannes B. Ullrich (May 03)
    - Windows Systems Defaced/destroyed, plus Port 3389 attacks Bukys, Liudvikas (May 13)
- RE: Windows Systems Defaced David Ashwood (May 03)
- Re: Windows Systems Defaced Alphonse MacDonald (May 14)