[ale] TCP port 1433 attacks (MS SQL)
Chris Ricker
kaboom at gatech.edu
Wed May 22 07:28:58 EDT 2002
On Wed, 22 May 2002, Transam wrote:
> In the past 24 hours there has been a tremendous increase in attacks to
> TCP port 1433 (Microsoft's SQL server). In at least some of these, the
> attacker is checking for an allowed login with the default account name
> of "sa" and an empty password. Unless your Firewall is blocking this you
> are at risk.
It's actually a new worm which is attacking SQL Server. See
<http://www.iss.net/security_center/alerts/advise118.php> for fairly
complete details, or <http://www.incidents.org/diary/diary.php?id_6> for
another analysis.
Although neither of those mention it, some discussions about this
yesterday indicate that it might have password brute-forcing
capabilities (in addition to targeting null passwords). That was probably
just panic'ed over-reaction to the Next Microsoft Worm, though ;-)
later,
chris
---
This message has been sent through the ALE general discussion list.
See http://www.ale.org/mailing-lists.shtml for more info. Problems should be
sent to listmaster at ale dot org.
More information about the Ale
mailing list