[Dshield] RedHat systems seem to originate a lot of port 1433 attacks

John Sage jsage at finchhaven.com
Sat May 25 16:07:04 GMT 2002

On Sat, May 25, 2002 at 08:43:46AM -0500, Ed Truitt wrote:
> This may be consistent with the reports there are actually several worms
> loose - one of which reportedly attacks MS-SQL systems from a *nix box.

At the moment, I guess my only thought is that I haven't seen any
evidence of a *nix-based MS-SQL exploit in this current go-round.

And the only discussion is in very general terms, in a very small
number of posts (I'm looking at intrusions; handler; snort; a couple
other security lists..) with, again, no evidence.

(Actually, after a *quick* scan, the only discussion seems to be this
thread in this list!)

So, not to say that there aren't *nix-based 'sploits against MS-SQL,
but only that the current events seem clearly to be M$-based.

- John
You simply can never have too many shells

PGP key      http://www.finchhaven.com/pages/gpg_pubkey.html
Fingerprint  FE 97 0C 57 08 43 F3 EB 49 A1 0C D0 8E 0C D0 BE C8 38 CC B5 

> ----- Original Message -----
> From: "John Sage" <jsage at finchhaven.com>
> To: <list at dshield.org>
> Cc: "Samantha Fetter" <sama at enteract.com>
> Sent: Friday, May 24, 2002 11:34 PM
> Subject: Re: [Dshield] RedHat systems seem to originate a lot of port 1433
> attacks
> > On Wed, May 22, 2002 at 01:35:03PM -0400, Jon R. Kibler wrote:
> > <snip>
> > > This seems consistent with what we have been seeing. At least half
> > of the systems hitting us (actually, all but a couple of the systems
> > where someone was willing to talk to us!) were RedHat Linux systems.
> > <snip>
> >
> > I have seen nothing of the sort.
> >
> > Here's an example listing, from IP's posted to the list a day
> > ago. There's not a Red Hat box in the lot:
> >
> [SNIP]

More information about the list mailing list