Security Incidents: Re: Strange scan on 1433

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Security Incidents mailing list archives

Re: Strange scan on 1433

From: dr john halewood <john () frumious unidec co uk>
Date: Tue, 21 May 2002 16:30:01 +0100

On Tuesday 21 May 2002 2:38 pm, Pavel Lozhkin wrote:

I got a lot of scans today on port 1433 from numerous nets (part of them
are .jp and .kr, but not all)
Does anyone know what they're looking for on the port ?
I've never been scanned on the port before.


 I'm getting a lot of these as well. 1433 is the Microsoft SQL server port. 
There's a number of tools doing the rounds at the moment looking for the all 
too common ms-sql servers with blank sa (database admin) passwords, as well 
as a few that exploit vulnerabilities in unpatched servers.

cheers
john


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

By Date By Thread

Current thread:

Strange scan on 1433 Pavel Lozhkin (May 21)
- Re: Strange scan on 1433 dr john halewood (May 21)
  - Re: Strange scan on 1433 Jason Robertson (May 21)
- RE: Strange scan on 1433 David LaPorte (May 21)
  - RE: Strange scan on 1433 Deus, Attonbitus (May 21)
  - RE: Strange scan on 1433 Blake Frantz (May 21)
    - Re: Strange scan on 1433 George Bakos (May 21)