SQL port scanning up
From: Barry Dorrans (barryd@IDUNNO.ORG)Date: 05/21/02
- Previous message: CSICONdotNET: "[CSICON] - Registration is now open for CSICON"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 21 May 2002 08:38:02 +0100 From: Barry Dorrans <barryd@IDUNNO.ORG> To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
This is a cross summary of discussions from the incidents.org list.
There's been a severe rise in port 1433 scanning, and login attempts to
SA (using a blank password). It seems to be coming from Win2k boxes,
some of which are running basic IIS, in (from the home page) what looks
like an unused state.
I would suggest everyone makes sure that failed SQL logins are turned on
(this is off by default) - goto SQL enterprise manager, right click on
your server, choose properties and then choose security. The failed
login attempts go into the Application log (why that's not the security
log, I have no idea). Make sure that no SQL servers have blank SAs. Also
remember that some programs (Visio 2002 Enterprise for example) can
install MSDB, a cut down SQL engine, which will install with blank SA.
I can only assume that they are scanning for boxes missing the MS02-020
patch
Regards,
Barry
- Previous message: CSICONdotNET: "[CSICON] - Registration is now open for CSICON"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
