Hi Lists, Probably pointing out the obvious here, but thought to share info, since I had somehow missed these alerts... The May 15th SANS NewsBites had the following comments on port 1433 (MS SQL) scans as of late: "Update on Port 1433: Last week we reported on widespread scanning of port 1433, commonly used by Microsoft's SQL server. We noted that we had had no reports at Incidents.Org of exploits connected with the scanning. A few hours later we received the following note from the CISO of a large research organization: "[Our organization] has been hit at least twice in the last 2 weeks with Web defacements based on the exploit Port 1433/ms-sql, CAN-2002-0154. We were kind of shocked that within 1-2 weeks of Microsoft announcing the vulnerability, we were already hit by the exploit. Doesn't give much time to clean up. However, I haven't heard of widespread exploits yet. Also, I would hope most sites block external access to SQL Server. We happened to have a few servers that needed outside access for special purposes." A quick web search on CAN-2002-0154 yielded the following link, which also has links to CVE and the original MS bulletins: http://www.symantec.com/avcenter/security/Content/1865-6.html cheers, -ben *************************************** Benjamin Tomhave falconat_private http://falcon.cybersecret.com/ ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Thu May 16 2002 - 13:04:57 PDT