Re: Strange scan on 1433

From: dr john halewood (
Date: 05/21/02

From: dr john halewood <>
Date: Tue, 21 May 2002 16:30:01 +0100

On Tuesday 21 May 2002 2:38 pm, Pavel Lozhkin wrote:
> I got a lot of scans today on port 1433 from numerous nets (part of them
> are .jp and .kr, but not all)
> Does anyone know what they're looking for on the port ?
> I've never been scanned on the port before.

 I'm getting a lot of these as well. 1433 is the Microsoft SQL server port.
There's a number of tools doing the rounds at the moment looking for the all
too common ms-sql servers with blank sa (database admin) passwords, as well
as a few that exploit vulnerabilities in unpatched servers.


This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: