Port 1269 Open, SQL Database stolen, can I put 1 and 2 together

From: Ryan (ryan@bingoville.com)
Date: 03/08/02


From: ryan@bingoville.com (Ryan)
Date: 7 Mar 2002 16:53:56 -0800

Recently we found that our user database was stolen (because we
started receiving their emails to our test account). While doing a
port scan I found that port 1269 (Maverick's Matrix) was open. I did
some research on that particular trojan and couldn't find the
associated registry entry/file.

I downloaded Maverick's Matrix and tried to connect to my server -
success. None of the program's options (send message, file server,
password listener, etc) worked though. Then I installed a port
listener on my server and connected again. It told me that I was
connecting to c:\winnt\system32\wbem\WinMgmt.exe. I looked in the
wbem logs and found that they had started around the time our database
must have been stolen, and that except for my tests with the trojan,
they hadnt been written to since a certain date (where there were many
SQL related entries in the log).

Am I jumping the gun to say that the open port and the missing
database could be related? Maverick's Matrix is not supposed to
connect to WinMgmt.exe from what I've read, so it's still a
possibility that I'm seeing something else when connecting (default
port connection handler or something).

Any info out there?



Relevant Pages

  • Re: publishing on the web with filemaker pro via a local network
    ... i would like publish on the web a filemaker pro database which is on a given computer on my local network ... but neither "no database available" nor the list of available databases, neither with icab nor with safari, when i connect via apache, ... Also in your config section for filemaker on the database concerned you need to turn on sharing and stipulate port 591. ...
    (comp.databases.filemaker)
  • Re: MySQL communication around a firewall
    ... Allowing outside connection to a database server is not ... idea of communicating through another port. ... The normal solution to this problem is to use a servlet acting as a proxy. ... web client talks to the servlet, the servlet in turn talks to the database. ...
    (comp.lang.java.programmer)
  • Re: Ports to open in Windows Firewall for SQL Server 2005
    ... generally 1433 port is enough for connecting to ... SQL server database engine. ... 1434 UDP port since it will be used for establishing linked connection from ... "Connecting SQL Server over internet....": ...
    (microsoft.public.sqlserver.connect)
  • Re: How can I search a form without using FilterbyForm?
    ... >I am trying to port a database from LotusApproach to Access. ... >commas (for multiple instances). ...
    (microsoft.public.access.forms)
  • DB Fault Tolerance - network connections
    ... a Perl server which talks to a PostgreSQL database on a different phys. ... block the port on the DB server, ... Note that I'm using iptables on the box that is running the Postgresql ...
    (perl.dbi.users)