Yes, we're seeing it here at NYU too...the most recent info that I've seen on this is: Saturday, May 4th 2002 Large scale MSSQL scans. ================================================================ ======================== For the last few days, we received a number of reports of widespread scans of port 1433. The most common use of port 1433 is Microsoft's SQL server. Just this march, a vulnerability in SQL Server 7.0 and 2000 was shown to allow access to the the security context of the server (http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0154). Microsoft released and advisory and a patch for this problem. (http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS02-020.asp ) It has also been known that many administrators do not change the default password for the administrator account. SQL Server by default ships with no password set for this account ( http://www.bhs.silesianet.pl/html/sql.htm ). -------------------------------------------------------------------- Tracey Losco Network Security Analyst securityat_private ITS - Network Services http://www.nyu.edu/its/security New York University (212) 998 - 3433 PGP Fingerprint: 8FFB FE47 6156 7BF0 B19E 462B 9DFE 51F5 At 10:33 AM -0400 5/21/02, Darrin Powell wrote: >Is anyone else seeing this? > > > > > > >Thanks >-- >Darrin Powell >System Administrator >LSSi, Corp. >(919) 466-6803 > > >---------------------------------------------------------------------------- >This list is provided by the SecurityFocus ARIS analyzer service. >For more information on this free incident handling, management >and tracking system please see: http://aris.securityfocus.com ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Tue May 21 2002 - 08:38:59 PDT