[Dshield] UDP port 1433?

Johannes B. Ullrich jullrich at sans.org
Thu Dec 11 15:20:09 GMT 2003


Port 1433 is not the 'slammer' port. But instead, port 1433 is used by
regular MS-SQL connections. Usually, they happen via TCP. I am not sure
what you get from sending UDP to 1433.

Have to look at what we got here.

Quite a while ago (> 1yr) we had 'SQLSnake', which used 1433 TCP and
exploited SQL Servers without password.



On Thu, 2003-12-11 at 08:36, Juan Manuel Parreira wrote:
> X-Force Research
> Current Internet Threat Level
> The AlertCon is raised at Level 2. Our analysts are aware of a significant
> increase in UDP port 1433 (Microsoft-SQL-Server) over the past 36 hours.
> Published reports advise that the same "fire-and-forget" UDP packets
> methodology used by Slammer, might also be associated with these observed
> scanning efforts.
> 
> _______________________________________________
> list mailing list
> list at dshield.org
> To change your subscription options (or unsubscribe), see: http://www.dshield.org/mailman/listinfo/list
-- 
CTO SANS Internet Storm Center               http://isc.sans.org
phone: (617) 786 1563            
  fax: (617) 786 1550                          jullrich at sans.org

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://www.dshield.org/pipermail/list/attachments/20031211/074be6c2/attachment.bin


More information about the list mailing list