[unisog] 1433 scan increase

Johannes B. Ullrich jullrich at sans.org
Wed Dec 29 18:56:05 GMT 2004


On Wednesday 29 December 2004 12:39, zero at zero.byzero.net wrote:
> Anyone seeing an increase in port 1433 (MS SQLServer) scans over the last
> 24 hours?  It seems to have slowed down over the last 18 hours or so but
> continues.  I'm seeing this from many IP addresses mostly in Asia.

Nothing particular here:

http://isc.sans.org/port_details.php?port=1433&repax=1&tarax=1&srcax=2

In the past, we did see some bots/worms that did try brute forcing MS-SQL SA
accounts and used it to execute shell commands (search for 'sqlsnake').

Note that sqlslammer uses 1434 UDP, while the login brute forcing happens on 
1433 TCP.


-- 
--------------------------------------------------------
Johannes Ullrich, jullrich at sans.org                   
CTO, SANS Internet Storm Center, http://isc.sans.org
--------------------------------------------------------
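
Added example, not part of the original message: one way to apply the 1433/TCP versus 1434/UDP distinction to firewall logs, separating sources that sweep many hosts from sources that reconnect repeatedly to one host on 1433/TCP. The log format, the thresholds, and the names `summarize` and `WATCHED` are assumptions, and the sample lines are constructed.

```python
import re
from collections import defaultdict

# Constructed sample firewall log (documentation addresses); the format is assumed.
SAMPLE_LOG = """\
12:01:02 SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP DPT=1433
12:01:02 SRC=203.0.113.5 DST=192.0.2.11 PROTO=TCP DPT=1433
12:01:03 SRC=203.0.113.5 DST=192.0.2.12 PROTO=TCP DPT=1433
12:05:10 SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP DPT=1433
12:05:11 SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP DPT=1433
12:05:12 SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP DPT=1433
12:05:13 SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP DPT=1433
12:05:14 SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP DPT=1433
12:07:00 SRC=203.0.113.99 DST=192.0.2.10 PROTO=UDP DPT=1434
12:07:00 SRC=203.0.113.99 DST=192.0.2.11 PROTO=UDP DPT=1434
12:07:00 SRC=203.0.113.99 DST=192.0.2.12 PROTO=UDP DPT=1434
12:09:30 SRC=203.0.113.77 DST=192.0.2.10 PROTO=TCP DPT=1433
12:09:31 SRC=203.0.113.77 DST=192.0.2.10 PROTO=TCP DPT=80
"""

LINE_RE = re.compile(r"^\S+ SRC=(\S+) DST=(\S+) PROTO=(TCP|UDP) DPT=(\d+)$")
WATCHED = {("TCP", 1433): "1433/tcp", ("UDP", 1434): "1434/udp"}

def summarize(log_text, scan_hosts=3, repeat_conns=5):
    """Return (src, service, kind, distinct_dsts, total_hits) per source."""
    hits = defaultdict(lambda: defaultdict(int))  # (service, src) -> dst -> count
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that are not in the assumed format
        src, dst, proto, dport = m.groups()
        service = WATCHED.get((proto, int(dport)))
        if service:
            hits[(service, src)][dst] += 1
    findings = []
    for (service, src), dsts in sorted(hits.items()):
        if len(dsts) >= scan_hosts:
            kind = "scan"  # one source sweeping many hosts
        elif service == "1433/tcp" and max(dsts.values()) >= repeat_conns:
            kind = "repeated-connections"  # consistent with login guessing
        else:
            kind = "background"
        findings.append((src, service, kind, len(dsts), sum(dsts.values())))
    return findings

if __name__ == "__main__":
    for row in summarize(SAMPLE_LOG):
        print(*row)
```

A firewall log only shows connection attempts, so the "repeated-connections" label is a lead to check against SQL Server's own failed-login records, not proof of brute forcing.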