Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Security Basics: Re: Serveral host broadcasting to port 1434

Re: Serveral host broadcasting to port 1434

From: Adriel Desautels <adriel_at_netragard.com>
Date: Fri, 23 May 2008 15:46:01 -0400

Sounds a bit fishy. I'd evaluate the systems that are sending the
traffic. Identify the process responsible and make sure that it is not
malware. This does sound very malwareish.

Regards,
        Adriel T. Desautels
        Chief Technology Officer
        Netragard, LLC.
        Office : 617-934-0269
        Mobile : 617-633-3821
        http://www.linkedin.com/pub/1/118/a45

        Join the Netragard, LLC. Linked In Group:
        http://www.linkedin.com/e/gis/48683/0B98E1705142

---------------------------------------------------------------
Netragard, LLC - http://www.netragard.com - "We make IT Safe"
Penetration Testing, Vulnerability Assessments, Website Security

Netragard Whitepaper Downloads:
-------------------------------
Choosing the right provider : http://tinyurl.com/2ahk3j
Three Things you must know : http://tinyurl.com/26pjsn

the_loser55_at_hotmail.com wrote:
> Hello,
>
> I've just started playing with snort rules and created a new rule for the internal network that would grab any traffic on port 1434 "Microsoft-SQL-Monitor". The rule is now running and I see several desktop PC's sending out traffic to destination 255.255.255.255 port 1434. So my question is are these desktops compromised. I've seen references to a MS-SQL worm with activity like this. Any thoughts would be much appreciated.
>
> Thanks
Received on May 23 2008

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]