Security Incidents: RE: Strange scan on 1433

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Security Incidents mailing list archives

RE: Strange scan on 1433

From: "Deus, Attonbitus" <Thor () HammerofGod com>
Date: Tue, 21 May 2002 10:01:48 -0700


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

At 08:23 AM 5/21/2002, David LaPorte wrote:

They're looking for MS-SQL servers with blank/default sa passwords that are
missing the MS02-020 patch:

http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/
bulletin/MS02-020.asp


Others have mentioned the MS02-020 bulletin...  The BO referenced requires 
authenticated access to the box- thus the checks for blank SA.  But, of 
course, if you have a blank SA, there isn't really much point in worrying 
about the overflow.


-----BEGIN PGP SIGNATURE-----
Version: PGP 7.1

iQA/AwUBPOp9fIhsmyD15h5gEQJQ0gCgv3ezP4Scr211WsfhlaSZvtFlcogAnjqR
YWWw6fbXaVhN1dF+JA22yQLC
=/hkB
-----END PGP SIGNATURE-----


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

By Date By Thread

Current thread:

Strange scan on 1433 Pavel Lozhkin (May 21)
- Re: Strange scan on 1433 dr john halewood (May 21)
  - Re: Strange scan on 1433 Jason Robertson (May 21)
- RE: Strange scan on 1433 David LaPorte (May 21)
  - RE: Strange scan on 1433 Deus, Attonbitus (May 21)
  - RE: Strange scan on 1433 Blake Frantz (May 21)
    - Re: Strange scan on 1433 George Bakos (May 21)
    - Worms and CScript/WScript Blake Frantz (May 21)
    - Re: Worms and CScript/WScript Ryan Russell (May 21)
    - RE: Worms and CScript/WScript Michael Wright (May 21)