Serveral host broadcasting to port 1434
- From: the_loser55@xxxxxxxxxxx
- Date: 23 May 2008 17:10:08 -0000
Hello,
I've just started playing with snort rules and created a new rule for the internal network that would grab any traffic on port 1434 "Microsoft-SQL-Monitor". The rule is now running and I see several desktop PC's sending out traffic to destination 255.255.255.255 port 1434. So my question is are these desktops compromised. I've seen references to a MS-SQL worm with activity like this. Any thoughts would be much appreciated.
Thanks
- Follow-Ups:
- Re: Serveral host broadcasting to port 1434
- From: Adriel Desautels
- Re: Serveral host broadcasting to port 1434
- Prev by Date: Re: PCI: DSS
- Next by Date: Re: Serveral host broadcasting to port 1434
- Previous by thread: RE: DSS
- Next by thread: Re: Serveral host broadcasting to port 1434
- Index(es):
