RE: Strange scan on 1433

From: Blake Frantz (blakeat_private)
Date: Tue May 21 2002 - 09:46:49 PDT

  • Next message: Johannes Ullrich: "Re: Strange scan on 1433"

    >-----Original Message-----
    >From: David LaPorte [mailto:david_laporteat_private] 
    >Sent: Tuesday, May 21, 2002 10:23 AM
    >To: Pavel Lozhkin; incidentsat_private
    >Subject: RE: Strange scan on 1433
    >They're looking for MS-SQL servers with blank/default sa passwords that
    are missing the MS02-020 
    It's not limited to *blank* sa passwords:
    IMPORTANT ADDITION (thanks to George Bakos, ISTS for pointing this out):
    The worm includes code to brute force the SA password. Using a password
    larger than 8 characters, or a password containing non alphanumeric 
    characters (punktuation) will defend against this brute forcing.
    Additionally, roelofat_private / haroonat_private from sensepost
    wrote a .pl for finding blank sa passwords.  Some may find it useful.
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management 
    and tracking system please see:

    This archive was generated by hypermail 2b30 : Tue May 21 2002 - 13:27:25 PDT