Yesterday was actually our busiest day so far for 1433 scans. We saw our first presumably automated scan (111 connection attempts, within a few seconds) on 5/19. Yesterday (5/22) we got three of them, for a total of 300 or so connection attempts. This in comparison to the 80K - 120K TCP 80 scans we get per day, depending on what day of the month it is. John Campbell, CISSP, GCWN Information Security Engineer Washington School Information Processing Cooperative (WSIPC) -----Original Message----- From: Matt Barton [mailto:mattat_private] Sent: Thursday, May 23, 2002 9:38 AM To: incidentsat_private Subject: Decrease in 1433 Scans? Hello Access attempts to port 1433 have been steady all this week, with tons of attempts every hour showing up in our firewall log; however, I have not had a single attempt since 5:43 AM EST (no EDT here in Indiana). The firewall is still logging and the integrity of my access-list appears to be fine. I doubt our uplink provider is doing this, as I can reach the firewall if I attempt to connect to port 1433 with nmap from a remote system. Anyone else seeing this? -- Matt Barton Webexcellence mattat_private Phone: 317.423.3548 x22 Fax: 317.423.8735 www.webexc.com ------------------------------------------------------------------------ ---- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Thu May 23 2002 - 11:27:04 PDT