>-----Original Message-----
>From: David LaPorte [mailto:david_laporteat_private]
>Sent: Tuesday, May 21, 2002 10:23 AM
>To: Pavel Lozhkin; incidentsat_private
>Subject: RE: Strange scan on 1433
>
>They're looking for MS-SQL servers with blank/default sa passwords that are missing the MS02-020
>

It's not limited to *blank* sa passwords:

From: http://www.incidents.org/diary/diary.php?id=156

<snip>
IMPORTANT ADDITION (thanks to George Bakos, ISTS for pointing this out): The worm includes code to brute force the SA password. Using a password larger than 8 characters, or a password containing non-alphanumeric characters (punctuation) will defend against this brute forcing.
</snip>

Additionally, roelofat_private / haroonat_private from sensepost wrote a .pl for finding blank sa passwords. Some may find it useful.

http://www.sensepost.com/misc/SQLinsertion.htm

-Blake

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
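The TCP/1433 sweep discussed in the thread above, as an added example that is not part of the original messages, of the incidents.org diary, or of the SensePost script it links: a small Python detector that reads iptables-style firewall log lines (the format, the window and threshold values, and all addresses below are assumptions constructed for the example) and reports sources that probe many distinct hosts on 1433 in a short window. It also encodes the diary's stated rule for an sa password that resists the worm's brute forcer, so an operator can test their own passwords against that claim rather than eyeball it.

```python
"""
Added example (not code from the original thread or the tools it links):
detect TCP/1433 sweeps in constructed iptables-style log lines and check
an sa password against the rule quoted from the incidents.org diary.
"""
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample log lines in iptables/kern.log style. Addresses are
# documentation ranges (RFC 5737) and do not refer to any real host.
SAMPLE_LOG = """\
May 21 10:01:02 fw kernel: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=4433 DPT=1433 SYN
May 21 10:01:02 fw kernel: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.11 PROTO=TCP SPT=4434 DPT=1433 SYN
May 21 10:01:03 fw kernel: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.12 PROTO=TCP SPT=4435 DPT=1433 SYN
May 21 10:01:03 fw kernel: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.13 PROTO=TCP SPT=4436 DPT=1433 SYN
May 21 10:01:04 fw kernel: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.14 PROTO=TCP SPT=4437 DPT=1433 SYN
May 21 10:01:05 fw kernel: IN=eth0 OUT= SRC=198.51.100.9 DST=192.0.2.10 PROTO=TCP SPT=51000 DPT=1433 SYN
May 21 10:01:06 fw kernel: IN=eth0 OUT= SRC=198.51.100.9 DST=192.0.2.10 PROTO=TCP SPT=51001 DPT=1433 SYN
May 21 10:02:00 fw kernel: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.20 PROTO=TCP SPT=4440 DPT=80 SYN
"""

# Assumed log layout: syslog timestamp, host, "kernel:", then iptables
# key=value fields. Only SRC, DST and DPT are needed here.
LOG_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+\d\d:\d\d:\d\d)\s+\S+\s+kernel:.*?"
    r"SRC=(?P<src>\S+)\s+DST=(?P<dst>\S+).*?DPT=(?P<dpt>\d+)"
)


def parse_line(line, year=2002):
    """Return (timestamp, src, dst, dport) for one log line, or None.
    Syslog timestamps carry no year, so one is supplied by the caller."""
    m = LOG_RE.search(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return ts, m["src"], m["dst"], int(m["dpt"])


def find_sweeps(log_text, port=1433, window_s=60, min_hosts=4):
    """Return {src: distinct_hosts} for every source that contacts at
    least min_hosts distinct destinations on `port` within window_s
    seconds. Repeated hits on the same host (a retry, or a brute-force
    attempt against one server) do not count as a sweep."""
    by_src = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and rec[3] == port:
            ts, src, dst, _ = rec
            by_src[src].append((ts, dst))

    hits = {}
    for src, events in by_src.items():
        events.sort()
        best, lo = 0, 0
        # Sliding window over time-ordered events for this source.
        for hi in range(len(events)):
            while (events[hi][0] - events[lo][0]).total_seconds() > window_s:
                lo += 1
            distinct = len({dst for _, dst in events[lo:hi + 1]})
            best = max(best, distinct)
        if best >= min_hosts:
            hits[src] = best
    return hits


def sa_password_resists_bruteforce(pw):
    """The diary's rule as quoted above: longer than 8 characters, or
    containing a non-alphanumeric character, is said to defeat the worm's
    brute forcer. A blank password never qualifies. This checks only the
    quoted claim; it is not a general password-strength policy."""
    return bool(pw) and (len(pw) > 8 or not pw.isalnum())


if __name__ == "__main__":
    for src, n in find_sweeps(SAMPLE_LOG).items():
        print(f"possible 1433 sweep from {src}: {n} distinct hosts")
    for candidate in ("", "sa", "password", "passwords", "p@ss"):
        print(f"{candidate!r}: resists={sa_password_resists_bruteforce(candidate)}")
```

Run against the constructed sample, the detector flags 203.0.113.7 (five distinct hosts on 1433 within seconds) and ignores 198.51.100.9, which only hits one server twice; the thresholds are assumptions and should be tuned to the log volume of the network being watched.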
This archive was generated by hypermail 2b30 : Tue May 21 2002 - 13:27:25 PDT