Re: Strange scan on 1433

From: dr john halewood (john@frumious.unidec.co.uk)
Date: 05/21/02


From: dr john halewood <john@frumious.unidec.co.uk>
To: incidents@securityfocus.com
Date: Tue, 21 May 2002 16:30:01 +0100

On Tuesday 21 May 2002 2:38 pm, Pavel Lozhkin wrote:
> I got a lot of scans today on port 1433 from numerous nets (part of them
> are .jp and .kr, but not all)
> Does anyone know what they're looking for on the port ?
> I've never been scanned on the port before.

 I'm getting a lot of these as well. 1433 is the Microsoft SQL server port.
There's a number of tools doing the rounds at the moment looking for the all
too common ms-sql servers with blank sa (database admin) passwords, as well
as a few that exploit vulnerabilities in unpatched servers.

cheers
john

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com



Relevant Pages

  • Re: [opensuse] Remote upgrade problem
    ... All my remote sites have serial console servers connected. ... CCM840 8 port, dedicated local console ...
    (SuSE)
  • Re: Blocking attacks from spoofed IP addresses
    ... cause a _Self_ Denial Of Service attack. ... Defeating Denial of Service Attacks ... of our DMZ servers, and had source IPs from our public DNS servers. ... Web services are on your port 80 and/or 443, ...
    (comp.os.linux.networking)
  • panic: page fault - 6.0-RELEASE-p7
    ... While we thought we had done enough testing, apparently we hadn't and are now experiencing panic's on a number of the servers. ... ppc0: parallel port not found. ... unknown: can't assign resources (memory) ...
    (freebsd-questions)
  • Re: panic: page fault - 6.0-RELEASE-p7 (now 6.1-RC2)
    ... While we thought we had done enough testing, apparently we hadn't and are now experiencing panic's on a number of the servers. ... It has shown that information before, and it has always been tcpserver from the ucspi-tcp-0.88_2 port. ... unknown: can't assign resources (memory) ...
    (freebsd-questions)
  • Is FreeBSD ready for desktop (Mozilla Flash)
    ... monitor,, somehow the install fails to detect ... "Macromedia Flash plugin is not available for FreeBSD. ... I quote again "Install the www/linuxpluginwrapper port. ... servers, ...
    (comp.unix.bsd.freebsd.misc)