[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ale] TCP port 1433 attacks (MS SQL)

Subject: [ale] TCP port 1433 attacks (MS SQL)
From: kaboom at gatech.edu (Chris Ricker)
Date: Wed, 22 May 2002 05:28:58 -0600 (MDT)

On Wed, 22 May 2002, Transam wrote:

> In the past 24 hours there has been a tremendous increase in attacks to
> TCP port 1433 (Microsoft's SQL server).  In at least some of these, the
> attacker is checking for an allowed login with the default account name
> of "sa" and an empty password.  Unless your Firewall is blocking this you
> are at risk.

It's actually a new worm which is attacking SQL Server.  See
<http://www.iss.net/security_center/alerts/advise118.php> for fairly
complete details, or <http://www.incidents.org/diary/diary.php?id_6> for
another analysis.

Although neither of those mention it, some discussions about this 
yesterday indicate that it might have password brute-forcing 
capabilities (in addition to targeting null passwords).  That was probably 
just panic'ed over-reaction to the Next Microsoft Worm, though ;-)

later,
chris

---
This message has been sent through the ALE general discussion list.
See http://www.ale.org/mailing-lists.shtml for more info. Problems should be 
sent to listmaster at ale dot org.

Prev by Date: [ale] TCP port 1433 attacks (MS SQL)
Next by Date: [ale] TCP port 1433 attacks (MS SQL)
Previous by thread: [ale] TCP port 1433 attacks (MS SQL)
Next by thread: [ale] TCP port 1433 attacks (MS SQL)
Index(es):
- Date
- Thread