Re: Port 1443
- From: "Jamie Riden" <jamie.riden@xxxxxxxxx>
- Date: Fri, 22 Dec 2006 17:15:26 +1300
On 22/12/06, Richards, Jim <jim.richards@xxxxxxxxxxxxxxx> wrote:
Isn't that the admin port for sql-server[resend, bounced due to nonsubcribed address]
Nearly. Slammer exploited a flaw in SQL server on 1434/udp. SQL server
also uses 1433/tcp IIRC.
"The worm targeting SQL Server computers is self-propagating malicious
code that exploits the vulnerability described in VU#484891
(CAN-2002-0649). This vulnerability allows for the execution of
arbitrary code on the SQL Server computer due to a stack buffer
overflow.
Once the worm compromises a machine, it will try to propagate itself.
The worm will craft packets of 376-bytes and send them to randomly
chosen IP addresses on port 1434/udp. If the packet is sent to a
vulnerable machine, this victim machine will become infected and will
also begin to propagate. Beyond the scanning activity for new hosts,
the current variant of this worm has no other payload." --
http://www.cert.org/advisories/CA-2003-04.html
cheers,
Jamie
--
Jamie Riden, CISSP / jamesr@xxxxxxxxxx / jamie.riden@xxxxxxxxx
NZ Honeynet project - http://www.nz-honeynet.org/
- Follow-Ups:
- Re: Port 1443
- From: Lee Lawson
- Re: Port 1443
- References:
- RE: Port 1443
- From: Richards, Jim
- RE: Port 1443
- Prev by Date: Re: Banner Grabbing
- Next by Date: Re: Banner Grabbing
- Previous by thread: RE: Port 1443
- Next by thread: Re: Port 1443
- Index(es):
Relevant Pages
|
|
