RE: Decrease in 1433 Scans?

From: Salisko, Rick (SaliskoR@ottawapolice.ca)
Date: 05/23/02 

From: "Salisko, Rick" <SaliskoR@ottawapolice.ca>
To: 'loon' <loon@loadedpenguin.com>, Matt Barton <matt@webexc.com>
Date: Thu, 23 May 2002 13:26:04 -0400

Ditto, no decrease here, although no increase either....

Rick

-----Original Message-----
From: loon [mailto:loon@loadedpenguin.com]
Sent: May 23, 2002 1:00 PM
To: Matt Barton
Cc: incidents@securityfocus.com
Subject: Re: Decrease in 1433 Scans?

I am still recieving hits, although we only get hit by a single host,
around once every 1-1.5 hours, albeit multiple connections per hit. So,
our answer here would have to be - steady.

cheers,
loon

 On Thu, 23 May 2002, Matt Barton wrote:

> Hello
>
> Access attempts to port 1433 have been steady all this week, with tons of
> attempts every hour showing up in our firewall log; however, I have not
> had a single attempt since 5:43 AM EST (no EDT here in Indiana).
>
> The firewall is still logging and the integrity of my access-list appears
> to be fine. I doubt our uplink provider is doing this, as I can reach the
> firewall if I attempt to connect to port 1433 with nmap from a remote
> system.
>
> Anyone else seeing this?
>
>

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com

Relevant Pages

  • Re: Decrease in 1433 Scans?
    ... I am still recieving hits, although we only get hit by a single host, ... > The firewall is still logging and the integrity of my access-list appears ... > firewall if I attempt to connect to port 1433 with nmap from a remote ... and tracking system please see: http://aris.securityfocus.com ...
    (Incidents)
  • Re: Is this a known virus?
    ... you've been hit with some nasty scumware. ... Not a virus or trojan in ... web like Zona Alarm or Kerio Personal Firewall. ... > account and then scoped out bank information from another. ...
    (microsoft.public.windowsxp.general)
  • Re: Squid+Privoxy or Snort?
    ... >>Squid can be used if you redirect all web traffic through the squid ... > squid as a firewall only isnt very smart. ... The proxy should speed up access if the same sites are being hit, ... incoming mail. ...
    (freebsd-questions)
  • Re: Is this a known virus?
    ... you've been hit with some nasty scumware. ... > web like Zona Alarm or Kerio Personal Firewall. ... > Made me a firm believer in firewalls and anti-spyware, ...
    (microsoft.public.windowsxp.general)
  • Re: Firewall security: Re: Problems with simple Samba file share
    ... > being exploited then you have effectively no chance of getting hit by it ... Peter, we still see people posting running RH 9.0 which is ... but no firewall would have helped ... > disallow access to these nonexisting servers. ...
    (comp.os.linux.misc)