[ale] TCP port 1433 attacks (MS SQL)

Chris Ricker kaboom at gatech.edu
Wed May 22 07:28:58 EDT 2002


On Wed, 22 May 2002, Transam wrote:

> In the past 24 hours there has been a tremendous increase in attacks to
> TCP port 1433 (Microsoft's SQL server).  In at least some of these, the
> attacker is checking for an allowed login with the default account name
> of "sa" and an empty password.  Unless your Firewall is blocking this you
> are at risk.

It's actually a new worm which is attacking SQL Server.  See
<http://www.iss.net/security_center/alerts/advise118.php> for fairly
complete details, or <http://www.incidents.org/diary/diary.php?id_6> for
another analysis.

Although neither of those mention it, some discussions about this 
yesterday indicate that it might have password brute-forcing 
capabilities (in addition to targeting null passwords).  That was probably 
just panic'ed over-reaction to the Next Microsoft Worm, though ;-)

later,
chris



---
This message has been sent through the ALE general discussion list.
See http://www.ale.org/mailing-lists.shtml for more info. Problems should be 
sent to listmaster at ale dot org.






More information about the Ale mailing list