[ale] [Fwd: RE: MS SQL WORM and PORT 1434!]
cfowler
cfowler at outpostsentinel.com
Tue Jan 28 08:28:00 EST 2003
I think it may be the slapper worm. A friend of mine had 3 insurance
sites. Two had been hit and I had to clean them up. But If I remember
I think they did come on this port. But I'm not sure. It has been a
while since I dealt with those remotes.
On Tue, 2003-01-28 at 08:21, Chuck Huber wrote:
> On Mon, Jan 27, 2003 at 11:45:56PM -0500, Michael H. Warfield wrote:
> > On Mon, Jan 27, 2003 at 11:15:03AM -0500, Chuck Huber wrote:
> > > On Mon, Jan 27, 2003 at 03:36:17AM -0600, Denny Chambers wrote:
> > > > I have been receiving hits on port 1433 which is listed as another
> > > > MS-SQL port.
> >
> > > Yeah, those are common. Mostly a bunch of jerks trying to login
> > > using default passwords. Recall the "FIELD SERVICE" admin account
> > > that was shipped with VAXen for many years.
> >
> > WRONG ANSWER.
> >
> > The earlier MS-SQL worm AKA MS-SQL Spida is propagating over port
> > 1433/tcp infecting systems with MS-SQL and MSDE where the administratory
> > password has not been changed (clue alert... MSDE gets installed under
> > all sorts of stuff like Visio AND YOU CAN NOT CHANGE THE ADMIN PASSWORD -
> > but the MS-SQL Spida worm can, and does).
>
> Okay. I stand corrected. I'd been getting these
> hits sporadically ever since I got a dedicated connection. I
> just assumed that it was a cracker trying to get in.
>
> Enjoy,
> - Chuck
>
> --
> "The purpose of encryption is to protect good people
> from bad people, not to protect bad people from the government."
> Scott McNealy, CEO Sun Microsystems
> "The best way for government to control people is to remain in
> a constant threat of war." ---Karl Marx
> (18 USC 242), which applies to government agents overstepping their
> authority:
> "Whoever, under color of any law, statute, ordinance, regulation,
> or custom, willfully subjects any person in any State, Territory,
> or District to the deprivation of any rights, privileges, or
> immunities secured or protected by the Constitution or laws of
> the United States, . . . shall be fined under this title or
> imprisoned not more than one year, or both . . ."
_______________________________________________
Ale mailing list
Ale at ale.org
http://www.ale.org/mailman/listinfo/ale
More information about the Ale
mailing list