[unisog] 1433 scan increase
Ken.Connelly at uni.edu
Wed Dec 29 19:16:08 GMT 2004
I have seen a fairly steady, and *large* amount of scans aimed at TCP
1433 for all of this past year. I observed a general rise from the
first of the year to mid-July, then a gradual fall until mid-November,
when I saw a *sharp* increase (doubled to occasional tripled) to a level
that has been sustained (more or less) since then. Since mid-July, 1433
has been the most-scanned port seen here on a daily basis with only a
handful of exceptions.
In more detail, yesterday and today (so far) are definitely on the low
end, while the day before was high and the two days before that were
"average" for the past month.
zero at zero.byzero.net wrote:
>Anyone seeing an increase in port 1433 (MS SQLServer) scans over the last 24 hours? It seems to have slowed down over the last 18 hours or so but continues. I'm seeing this from many IP addresses mostly in Asia.
>unisog mailing list
>unisog at lists.sans.org
Ken Connelly Systems and Operations Manager, ITS Network Services
University of Northern Iowa Cedar Falls, IA 50614-0121
email: Ken.Connelly at uni.edu
phone: (319) 273-5850 fax: (319) 273-7373
It's much more important to know what you don't know than what you do know!
More information about the unisog