Security Incidents mailing list archives

Re: Increased connects to Port 1433


From: Tracey Losco <tal1 () its nyu edu>
Date: Tue, 21 May 2002 11:30:48 -0400

Yes, we're seeing it here at NYU too...the most recent info that I've seen on this is:

Saturday, May 4th 2002
Large scale MSSQL scans.

========================================================================================

For the last few days, we received a number of reports of widespread
scans of port 1433. The most common use of port 1433 is Microsoft's
SQL server.

Just this March, a vulnerability in SQL Server 7.0 and 2000 was shown
to allow access to the security context of the server
(http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0154). Microsoft
released an advisory and a patch for this problem.

(http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS02-020.asp )

It has also been known that many administrators do not change the
default password for the administrator account. SQL Server by default
ships with no password set for this account
( http://www.bhs.silesianet.pl/html/sql.htm ).

--------------------------------------------------------------------
Tracey Losco
Network Security Analyst                security () nyu edu
ITS - Network Services                  http://www.nyu.edu/its/security
New York University                     (212) 998 - 3433

PGP Fingerprint: 8FFB FE47 6156 7BF0  B19E 462B 9DFE 51F5


At 10:33 AM -0400 5/21/02, Darrin Powell wrote:
Is anyone else seeing this?






Thanks
--
Darrin Powell
System Administrator
LSSi, Corp.
(919) 466-6803


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com



