[unisog] earlier report of SQL slapper worm

Laurie Zirkle lat at cns.vt.edu
Wed Jan 29 13:21:05 GMT 2003


Now port 1433 is a totally different story.  The first
attempts I have logged are back in 2001:
Jan  1 09:31:46 hostm Connection attempt to TCP z.y.161.28:1433 from 194.165.0.6:3924
Jan  1 09:31:47 hostm Connection attempt to TCP z.y.161.28:1433 from 194.165.0.6:3924
Jan  1 09:31:48 hostm Connection attempt to TCP z.y.161.28:1433 from 194.165.0.6:3924
Jan 16 23:13:57 213.96.78.198:59887 -> z.y.x.98:1433 SYN ******S*
Jan 16 23:31:44 213.96.78.198:35897 -> z.y.x.98:1433 SYN ******S*
Jan 16 23:41:52 213.96.78.198:35903 -> z.y.x.98:1433 SYN ******S*
May 29 09:04:59 hostm Connection attempt to TCP z.y.161.28:1433 from 62.155.251.2:36408
May 29 09:04:59 62.155.251.2:36408 -> z.y.161.28:1433 SYN ******S*
May 31 02:45:22 24.113.162.104:51218 -> a.b.c.62:1433 SYN ******S*
May 31 04:01:25 24.113.162.104:51219 -> a.b.e.48:1433 SYN ******S*
May 31 04:01:48 24.113.162.104:51222 -> a.b.e.48:1433 SYN ******S*
May 31 04:58:26 24.113.162.104:51219 -> a.b.e.229:1433 SYN ******S*
May 31 04:58:49 24.113.162.104:51222 -> a.b.e.229:1433 SYN ******S*
May 31 05:44:09 24.113.162.104:51219 -> a.b.f.133:1433 SYN ******S*
May 31 05:44:32 24.113.162.104:51222 -> a.b.f.133:1433 SYN ******S*
May 31 06:05:31 hostmf /kernel: Connection attempt to TCP a.b.f.167:1433 from 24.113.162.104:51218
Aug  6 13:36:28 hosth /kernel: Connection attempt to TCP a.b.c.62:1433 from 193.189.183.225:1754
Aug  6 13:36:28 hosth /kernel: Connection attempt to TCP a.b.c.62:1433 from 193.189.183.225:1754
Aug  6 13:36:29 hosth /kernel: Connection attempt to TCP a.b.c.62:1433 from 193.189.183.225:1754
Aug  6 13:36:30 hosth /kernel: Connection attempt to TCP a.b.c.62:1433 from 193.189.183.225:1754
Aug 11 15:49:20 hostm Connection attempt to TCP z.y.w.12:1433 from 211.22.82.228:3284
Aug 11 15:49:21 hostm Connection attempt to TCP z.y.w.12:1433 from 211.22.82.228:3284
Aug 11 15:49:22 hostm Connection attempt to TCP z.y.w.12:1433 from 211.22.82.228:3284
Oct 24 23:32:41 62.149.163.98:1057 -> a.b.c.62:1433 SYN ******S*
Nov 22 19:25:39 hostm Connection attempt to TCP z.y.w.12:1433 from 213.51.204.55:1656
Nov 22 19:25:40 hostm Connection attempt to TCP z.y.w.12:1433 from 213.51.204.55:1656
Dec 26 15:24:02 200.32.96.80:2052 -> z.y.x.34:1433 SYN ******S*
Dec 26 16:15:10 200.32.96.80:3162 -> z.y.x.34:1433 SYN ******S*

And literally thousands in 2002 and at least a couple hundred this year so far.

-- 
Laurie


