Here's an interesting article about it.. Jason http://www.incidents.org/diary/diary.php?id=156 On 21 May 2002 at 16:30, dr john halewood wrote: From: dr john halewood <johnat_private> Organization: unidentified sloths To: incidentsat_private Subject: Re: Strange scan on 1433 Date sent: Tue, 21 May 2002 16:30:01 +0100 Mailer: KMail [version 1.3.2] > On Tuesday 21 May 2002 2:38 pm, Pavel Lozhkin wrote: > > I got a lot of scans today on port 1433 from numerous nets (part of them > > are .jp and .kr, but not all) > > Does anyone know what they're looking for on the port ? > > I've never been scanned on the port before. > > I'm getting a lot of these as well. 1433 is the Microsoft SQL server port. > There's a number of tools doing the rounds at the moment looking for the all > too common ms-sql servers with blank sa (database admin) passwords, as well > as a few that exploit vulnerabilities in unpatched servers. > > cheers > john > > > ---------------------------------------------------------------------------- > This list is provided by the SecurityFocus ARIS analyzer service. > For more information on this free incident handling, management > and tracking system please see: http://aris.securityfocus.com > > ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Tue May 21 2002 - 12:45:31 PDT