[unisog] 1433 scan increase

Ken Connelly Ken.Connelly at uni.edu
Wed Dec 29 19:16:08 GMT 2004


I have seen a fairly steady, and *large* amount of scans aimed at TCP 
1433 for all of this past year.  I observed a general rise from the 
first of the year to mid-July, then a gradual fall until mid-November, 
when I saw a *sharp* increase (doubled to occasional tripled) to a level 
that has been sustained (more or less) since then.  Since mid-July, 1433 
has been the most-scanned port seen here on a daily basis with only a 
handful of exceptions.

In more detail, yesterday and today (so far) are definitely on the low 
end, while the day before was high and the two days before that were 
"average" for the past month.

- ken

zero at zero.byzero.net wrote:

>Anyone seeing an increase in port 1433 (MS SQLServer) scans over the last 24 hours?  It seems to have slowed down over the last 18 hours or so but continues.  I'm seeing this from many IP addresses mostly in Asia.
>_______________________________________________
>unisog mailing list
>unisog at lists.sans.org
>http://www.dshield.org/mailman/listinfo/unisog
>  
>

-- 
- Ken
=================================================================
Ken Connelly Systems and Operations Manager, ITS Network Services
University of Northern Iowa           Cedar Falls, IA  50614-0121
email: Ken.Connelly at uni.edu
phone: (319) 273-5850   fax: (319) 273-7373

It's much more important to know what you don't know than what you do know!





More information about the unisog mailing list