Re: Strange scan on 1433

From: dr john halewood (john@frumious.unidec.co.uk)
Date: 05/21/02


From: dr john halewood <john@frumious.unidec.co.uk>
To: incidents@securityfocus.com
Date: Tue, 21 May 2002 16:30:01 +0100

On Tuesday 21 May 2002 2:38 pm, Pavel Lozhkin wrote:
> I got a lot of scans today on port 1433 from numerous nets (part of them
> are .jp and .kr, but not all).
> Does anyone know what they're looking for on the port?
> I've never been scanned on the port before.

I'm getting a lot of these as well. 1433 is the Microsoft SQL Server port.
There are a number of tools doing the rounds at the moment looking for the
all-too-common MS-SQL servers with blank sa (database admin) passwords, as
well as a few that exploit vulnerabilities in unpatched servers.

cheers
john

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com