[Dshield] port 1433

*Hobbit* hobbit at avian.org
Mon May 20 20:44:39 GMT 2002

I was gonna mention this myself earlier today, but then went grubbin' around
on securityfocus and a couple of other places and found that the tcp 1433
activity is a known SQL attack -- something to do with lame default "sa"
passwords and shoving data through to xp_cmdshell.  So I figured everyone
already knew about it.  Maybe not.  Well, that's what it is.  If you hang
a SQL server out on your exterior, or know someone who does, line up for
your honorary dope-slap.

Why did I go lookin'?  It's been pounding hard on the front gates *all* day.
Definitely something brewing, but mostly from innocent third-party machines
that have already been knocked over.  *sigh*

The funniest one I chased was the Exchange server at some podunk law firm
whose ONE IT guy is on vacay.  He could hardly hear me reading off the IP
address to him because his shrieking 3-year-old was bouncing all over
the hotel room.


