They're looking for MS-SQL servers with blank/default sa passwords that are missing the MS02-020 patch: http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/ bulletin/MS02-020.asp We've been getting killed with these since yesterday. David LaPorte -----Original Message----- From: Pavel Lozhkin [mailto:pavelat_private] Sent: Tuesday, May 21, 2002 9:38 AM To: incidentsat_private Subject: Strange scan on 1433 I got a lot of scans today on port 1433 from numerous nets (part of them are .jp and .kr, but not all) Does anyone know what they're looking for on the port ? I've never been scanned on the port before. -- Pavel ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Tue May 21 2002 - 08:52:37 PDT