[Dshield] UDP port 1433?
Johannes B. Ullrich
jullrich at sans.org
Thu Dec 11 15:20:09 GMT 2003
Port 1433 is not the 'slammer' port. But instead, port 1433 is used by
regular MS-SQL connections. Usually, they happen via TCP. I am not sure
what you get from sending UDP to 1433.
Have to look at what we got here.
Quite a while ago (> 1yr) we had 'SQLSnake', which used 1433 TCP and
exploited SQL Servers without password.
On Thu, 2003-12-11 at 08:36, Juan Manuel Parreira wrote:
> X-Force Research
> Current Internet Threat Level
> The AlertCon is raised at Level 2. Our analysts are aware of a significant
> increase in UDP port 1433 (Microsoft-SQL-Server) over the past 36 hours.
> Published reports advise that the same "fire-and-forget" UDP packets
> methodology used by Slammer, might also be associated with these observed
> scanning efforts.
> list mailing list
> list at dshield.org
> To change your subscription options (or unsubscribe), see: http://www.dshield.org/mailman/listinfo/list
CTO SANS Internet Storm Center http://isc.sans.org
phone: (617) 786 1563
fax: (617) 786 1550 jullrich at sans.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://www.dshield.org/pipermail/list/attachments/20031211/074be6c2/attachment.bin
More information about the list