[ale] [Fwd: RE: MS SQL WORM and PORT 1434!]

Chuck Huber chuck at cehuber.org
Tue Jan 28 08:21:59 EST 2003


On Mon, Jan 27, 2003 at 11:45:56PM -0500, Michael H. Warfield wrote:
> On Mon, Jan 27, 2003 at 11:15:03AM -0500, Chuck Huber wrote:
> > On Mon, Jan 27, 2003 at 03:36:17AM -0600, Denny Chambers wrote:
> > > I have been receiving hits on port 1433 which is listed as another 
> > > MS-SQL port.
> 
> > Yeah, those are common.  Mostly a bunch of jerks trying to login
> > using default passwords.  Recall the "FIELD SERVICE" admin account
> > that was shipped with VAXen for many years.
> 
> 	WRONG ANSWER.
> 
> 	The earlier MS-SQL worm AKA MS-SQL Spida is propagating over port
> 1433/tcp infecting systems with MS-SQL and MSDE where the administratory
> password has not been changed (clue alert...  MSDE gets installed under
> all sorts of stuff like Visio AND YOU CAN NOT CHANGE THE ADMIN PASSWORD -
> but the MS-SQL Spida worm can, and does).

Okay.  I stand corrected.  I'd been getting these
hits sporadically ever since I got a dedicated connection. I
just assumed that it was a cracker trying to get in.

Enjoy,
    - Chuck

-- 
"The purpose of encryption is to protect good people
from bad people, not to protect bad people from the government."
     Scott McNealy, CEO Sun Microsystems
"The best way for government to control people is to remain in
   a constant threat of war." ---Karl Marx
(18 USC 242), which applies to government agents overstepping their
authority:
  "Whoever, under color of any law, statute, ordinance, regulation,
  or custom, willfully subjects any person in any State, Territory,
  or District to the deprivation of any rights, privileges, or
  immunities secured or protected by the Constitution or laws of
  the United States, . . . shall be fined under this title or
  imprisoned not more than one year, or both . . ."

 PGP signature




More information about the Ale mailing list