[Dshield] SQL Port 1433

Louis Hablas Louis.Hablas at rzim.org
Tue May 21 13:56:58 GMT 2002


212.94.227.73
203.231.2.224
24.70.205.159
202.99.103.197
211.111.71.172
208.145.20.169
65.212.37.181 ---> The Fortress Group (NETBLK-UU-65-212-37-176)
   			603 Park Point Dr
   			Golden, CO 80401
   			US

Just a sampling of IP addresses (from today's log) I've seen associated with
probes.  The sig I'm seeing is three lines long in my ISA logs.  Not sure if
this is same hack attempt that others are seeing.

Lou

-----Original Message-----
From: Erik J. Varney [mailto:erik at centralsecurity.net]
Sent: Tuesday, May 21, 2002 9:08 AM
To: DShield Mailing List
Subject: [Dshield] SQL Port 1433


Here is a primitive list of IP Addresses that have hit our network block
with port 1433. Could be helpful or irrevelant, anyways here it is.
Gathering more info.

216.29.34.62
64.214.111.152
61.254.88.106
61.222.39.162
202.88.237.211
211.54.76.1
202.62.64.249
213.41.120.69
207.237.228.56
63.199.4.108
207.97.136.74
194.244.241.18
206.176.108.30
134.114.32.61
64.113.192.86
64.180.111.123
207.42.1.146
209.251.226.148
12.98.189.142
202.160.144.92
210.181.196.67
12.4.240.219
196.34.53.251
208.23.197.10
66.68.131.98
24.156.129.166
209.151.244.144
210.91.74.131
213.107.179.158
216.28.148.69
63.146.69.111
158.37.52.43
211.244.251.116
203.224.9.13
216.135.253.29
210.181.10.97

Erik

_______________________________________________
Dshield mailing list
Dshield at dshield.org
To change your subscription options (or unsubscribe), see:
http://www.dshield.org/mailman/listinfo/list




More information about the list mailing list