Threat Level: green Handler on Duty: Jan Kopriva

SANS ISC: Port 1433 (tcp/udp) Attack Activity Port 1433 (tcp/udp) Attack Activity


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Loading...
[get complete service list]
Top of page
Port Information
Protocol Service Name
tcp ms-sql-s Microsoft-SQL-Server
udp ms-sql-s Microsoft-SQL-Server
Top IPs Scanning
TodayYesterday
59.5.57.18 (381)186.71.60.155 (549)
121.43.163.10 (105)106.53.122.228 (523)
80.66.76.26 (38)221.5.213.189 (444)
92.63.196.228 (19)187.6.142.215 (428)
218.249.175.234 (15)192.241.220.11 (262)
186.103.144.53 (14)161.35.223.22 (257)
134.209.168.98 (14)80.241.146.138 (228)
180.179.227.112 (13)120.198.23.239 (185)
123.31.33.138 (12)134.209.168.98 (180)
218.77.129.81 (11)175.116.149.5 (180)
Port diary mentions
URL
Mailbag Items for Ports 1433 and 113
Solution to the TCP 1433 Traffic
Port 1433 scanning
If there are some unexploited MSSQL Servers With Weak Passwords Left: They got you now (again)
Top of page
User Comments
Submitted By Date
Comment
Marcus H. Sachs, SANS Institute 2003-10-10 00:50:59
SANS Top-20 Entry: W2 Microsoft SQL Server (MSSQL) http://isc.sans.org/top20.html#w2 The Microsoft SQL Server (MSSQL) contains several serious vulnerabilities that allow remote attackers to obtain sensitive information, alter database content, compromise SQL servers, and, in some configurations, compromise server hosts. MSSQL vulnerabilities are well-publicized and actively under attack. Two recent MSSQL worms in May 2002 and January 2003 exploited several known MSSQL flaws. Hosts compromised by these worms generate a damaging level of network traffic when they scan for other vulnerable hosts.
Johannes Ullrich 2002-10-10 17:21:35
Port 1433 is used by Microsoft SQL Server. SQLSnake is one worm taking advantage of SQL Server installs without password. As SQL Server is able to run batch files and command line programs, it can be used to download and install malware. Basic Protection: Use good passwords for all SQL Server accounts.
Add a comment
Top of page
CVE Links
CVE # Description
Top of page