[unisog] 1433 scan increase

Johannes B. Ullrich jullrich at sans.org
Wed Dec 29 18:56:05 GMT 2004

On Wednesday 29 December 2004 12:39, zero at zero.byzero.net wrote:
> Anyone seeing an increase in port 1433 (MS SQLServer) scans over the last
> 24 hours?  It seems to have slowed down over the last 18 hours or so but
> continues.  I'm seeing this from many IP addresses mostly in Asia.

Nothing particular here:


In the past, we did see some bots/worms that did try brute forcing ms-sql SA 
accounts and used it to execute shell commands (search for 'sqlsnake').

Note that sqlslammer uses 1434 UDP, while the login brute forcing happens on 
1433 TCP.

Johannes Ullrich, jullrich at sans.org                   
CTO, SANS Internet Storm Center, http://isc.sans.org
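
Added example, not part of the original message: a small tally that separates 1433/TCP connection attempts from 1434/UDP packets in firewall logs, counting hits per hour and distinct targets per source, which is how one would check for the increase asked about. The key=value log layout, the category labels and the sample lines are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample in an assumed key=value firewall-log layout (not from the post).
SAMPLE_LOG = """\
2004-12-28T19:02:11Z SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP DPT=1433
2004-12-28T19:02:11Z SRC=203.0.113.7 DST=192.0.2.11 PROTO=TCP DPT=1433
2004-12-28T19:02:12Z SRC=203.0.113.7 DST=192.0.2.12 PROTO=TCP DPT=1433
2004-12-28T19:40:55Z SRC=198.51.100.23 DST=192.0.2.10 PROTO=TCP DPT=1433
2004-12-28T20:15:03Z SRC=198.51.100.99 DST=192.0.2.11 PROTO=UDP DPT=1434
2004-12-28T20:15:09Z SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP DPT=80
2004-12-28T20:31:47Z SRC=198.51.100.23 DST=192.0.2.13 PROTO=TCP DPT=1433
this line is malformed and must be skipped
"""

LINE_RE = re.compile(
    r"^(?P<hour>\d{4}-\d{2}-\d{2}T\d{2}):\d{2}:\d{2}Z "
    r"SRC=(?P<src>\S+) DST=(?P<dst>\S+) PROTO=(?P<proto>\w+) DPT=(?P<dpt>\d+)$"
)

def classify(proto, dport):
    """Map protocol/port to the two ports the post distinguishes (labels are ours)."""
    key = (proto.upper(), int(dport))
    if key == ("TCP", 1433):
        return "tcp1433-login-port"    # where SA login brute forcing happens
    if key == ("UDP", 1434):
        return "udp1434-slammer-port"  # the port sqlslammer uses
    return None                        # e.g. TCP/1434 or UDP/1433: neither case

def summarize(log_text):
    """Return {category: {"per_hour": {hour: n}, "targets_by_source": {src: {dst}}}}."""
    out = defaultdict(lambda: {"per_hour": defaultdict(int),
                               "targets_by_source": defaultdict(set)})
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not fit the assumed layout
        cat = classify(m["proto"], m["dpt"])
        if cat is None:
            continue
        out[cat]["per_hour"][m["hour"]] += 1
        out[cat]["targets_by_source"][m["src"]].add(m["dst"])
    return out

if __name__ == "__main__":
    for cat, data in summarize(SAMPLE_LOG).items():
        print(cat, dict(data["per_hour"]),
              {s: len(d) for s, d in data["targets_by_source"].items()})
```

A source that touches many distinct destinations on 1433/TCP in a short window is sweeping; the per-hour counts show whether the volume is rising or tapering off.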