Re: Firewall faqs( was Re: BEFSR41 config(was Re: Messenger Service on W2K server

From: Michel Gallant (MVP) (neutron@istar.ca)
Date: 10/30/02 

Date: Wed, 30 Oct 2002 13:09:02 -0500
From: "Michel Gallant (MVP)" <neutron@istar.ca>

ok, starting to see a few 1433, but mostly 137.
Are there any statistics on what domains are sourcing most of these
probes? (i.e. via query via http://ww1.arin.net/whois/)
 - Mitch

Bill Sanderson wrote:

> Thanks--I'm very glad I don't need to run a SQL server exposed to the
> Internet--these are "interesting times" for those with such a need.
>
> "Gary Flynn" <flynngn@jmu.edu> wrote in message
> news:3DBEC803.6B289B14@jmu.edu...
> > Bill Sanderson wrote:
> > >
> > > I haven't figured out what is most useful--I don't know if I am getting
> all
> > > the 1433's at the NT4 site because they can spot that it is NT4 server
> >
> > The 1433 scans are caused by both worms and hackers. I've found
> > cracking tools that automate the scanning. The scans are extremely
> > frequent on the Internet.
> >
> > --
> > Gary Flynn
> > Security Engineer - Technical Services
> > James Madison University