Increase in MS-SQL Probes



We have been seeing an increase in port 1433 in the past few days.
Multiple probes directed towards port 1433 are still being captured.
Just this day, the probes came from no fewer than 10 different IP
sources for one target. The bulk of the IP sources are coming from
mainland China but a number of probes can be traced to Hong Kong and
Korea.

Full write-up:
http://www.philippinehoneynet.org/data.php

Ryan Talabis
Philippine Honeynet Project


