Decrease in 1433 Scans?

From: Matt Barton (matt@webexc.com)
Date: 05/23/02


Date: Thu, 23 May 2002 11:38:13 -0500 (EST)
From: Matt Barton <matt@webexc.com>
To: incidents@securityfocus.com

Hello

Access attempts to port 1433 have been steady all this week, with tons of
attempts every hour showing up in our firewall log; however, I have not
had a single attempt since 5:43 AM EST (no EDT here in Indiana).

The firewall is still logging and the integrity of my access-list appears
to be fine. I doubt our uplink provider is doing this, as I can reach the
firewall if I attempt to connect to port 1433 with nmap from a remote
system.

Anyone else seeing this?

-- 

Matt Barton Webexcellence matt@webexc.com Phone: 317.423.3548 x22 Fax: 317.423.8735 www.webexc.com

---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com



Relevant Pages

  • Re: keeping ports open
    ... If a port is open, it means that 1) a software or service is running on your ... and 2) you're not using a firewall or your firewall isn't ... Use firewall software and hardware and antivirus software that is ... Follow the instructions for hardening Windows and IIS at ...
    (microsoft.public.security)
  • Re: How to Maintain an IIS Server?
    ... > server running on a Windows 2000 server. ... before a firewall and antivirus have been installed]. ... open ports; however, this will not identify which program is using the port. ...
    (microsoft.public.inetserver.iis.security)
  • Re: CEICW fails at firewall config
    ... ISA Server prevents connection to a remote desktop when you connect through ... Remote Web Workplace on a Windows Small Business Server 2003-based computer ... Acceleration Server as a firewall. ... connection uses TCP port 4125. ...
    (microsoft.public.windows.server.sbs)
  • Re: How to Maintain an IIS Server?
    ... >> server running on a Windows 2000 server. ... > before a firewall and antivirus have been installed]. ... > program or executable using that port. ...
    (microsoft.public.inetserver.iis.security)
  • Re: Is secedit.exe left by a hacker?
    ... > tested on port 445. ... > I have a Linksys router that I use as a firewall to my ... Secedit.exe is the name of a legitimate Windows file, ... investigate the files on your computer - antivirus with the latest updates ...
    (microsoft.public.win2000.security)