Re: Strange scan on 1433

From: Jason Robertson (jason@ifuture.com)
Date: 05/21/02

Previous message: Deus, Attonbitus: "RE: Strange scan on 1433"
In reply to: dr john halewood: "Re: Strange scan on 1433"
Next in thread: Dias Sgt Kristin F: "RE: Strange scan on 1433"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

From: "Jason Robertson" <jason@ifuture.com>
To: incidents@securityfocus.com
Date: Tue, 21 May 2002 12:25:04 -0400

Here's an interesting article about it..

Jason

http://www.incidents.org/diary/diary.php?id=156

On 21 May 2002 at 16:30, dr john halewood wrote:

From: dr john halewood <john@frumious.unidec.co.uk>
Organization: unidentified sloths
To: incidents@securityfocus.com
Subject: Re: Strange scan on 1433
Date sent: Tue, 21 May 2002 16:30:01 +0100
Mailer: KMail [version 1.3.2]

> On Tuesday 21 May 2002 2:38 pm, Pavel Lozhkin wrote:
> > I got a lot of scans today on port 1433 from numerous nets (part of them
> > are .jp and .kr, but not all)
> > Does anyone know what they're looking for on the port ?
> > I've never been scanned on the port before.
>
> I'm getting a lot of these as well. 1433 is the Microsoft SQL server port.
> There's a number of tools doing the rounds at the moment looking for the all
> too common ms-sql servers with blank sa (database admin) passwords, as well
> as a few that exploit vulnerabilities in unpatched servers.
>
> cheers
> john
>
>
> ----------------------------------------------------------------------------
> This list is provided by the SecurityFocus ARIS analyzer service.
> For more information on this free incident handling, management
> and tracking system please see: http://aris.securityfocus.com
>
>

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com

Previous message: Deus, Attonbitus: "RE: Strange scan on 1433"
In reply to: dr john halewood: "Re: Strange scan on 1433"
Next in thread: Dias Sgt Kristin F: "RE: Strange scan on 1433"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

Re: Worm1800.exe on UnderNet?
... :!Notice!: A Recent Port Scan on your Computer reveals that Port 1800 ... For more information on this free incident handling, management ... and tracking system please see: http://aris.securityfocus.com ...
(Incidents)
Re: [opensuse] Remote upgrade problem
... All my remote sites have serial console servers connected. ... CCM840 8 port, dedicated local console ...
(SuSE)
Re: Blocking attacks from spoofed IP addresses
... cause a _Self_ Denial Of Service attack. ... Defeating Denial of Service Attacks ... of our DMZ servers, and had source IPs from our public DNS servers. ... Web services are on your port 80 and/or 443, ...
(comp.os.linux.networking)
panic: page fault - 6.0-RELEASE-p7
... While we thought we had done enough testing, apparently we hadn't and are now experiencing panic's on a number of the servers. ... ppc0: parallel port not found. ... unknown: can't assign resources (memory) ...
(freebsd-questions)
RE: possible ssh hack
... >> port 4207 ... >> analyzer service. ... >> and tracking system please see: ...
(Incidents)