Link Logger
Premium,MVM
join:2001-03-29
Calgary, AB
kudos:3
Reviews:
·Shaw

reply to Link Logger

Re: Beware Attacks on TCP port 1433

OK, so our script kiddie is branching out, as yesterday we picked up another MSSQL Hello Buffer Overflow Attack from 217.226.102.87 (note this address is very close to 217.236.27.93 recorded above - dialup accounts in Germany, so it's possibly the same system). So after trying the SQL Attack 49 times, he then goes for open shares on ports 139 and 445; too bad the firewall bounced him. Next time I'll have to watch for him, so I can play with his mind a bit while sending him back some crafted packets.

Dec 31, 2003 16:27:27.692 - (TCP) 217.226.102.87 : 4006 >>> 68.144.128.104 : 1433 SQL Server Scan
Dec 31, 2003 16:27:28.062 - (TCP) 217.226.102.87 : 4015 >>> 68.144.128.104 : 1433 SQL Server Scan
Dec 31, 2003 16:27:38.958 - (TCP) 217.226.102.87 : 4128 >>> 68.144.128.104 : 1433 SQL Server Scan
Dec 31, 2003 16:27:49.864 - (TCP) 217.226.102.87 : 4226 >>> 68.144.128.104 : 1433 SQL Server Scan

-- chop chop chop in the interest of saving electrons --

Dec 31, 2003 16:28:27.057 - (TCP) 217.226.102.87 : 4572 >>> 68.144.128.104 : 1433 SQL Server Scan
Dec 31, 2003 16:28:27.828 - (TCP) 217.226.102.87 : 4577 >>> 68.144.128.104 : 445 SQL Server Scan
Dec 31, 2003 16:28:27.848 - (TCP) 217.226.102.87 : 1043 >>> 68.144.128.104 : 139 SQL Server Scan
Dec 31, 2003 16:28:28.219 - (TCP) 217.226.102.87 : 4582 >>> 68.144.128.104 : 1433 SQL Server Scan
Dec 31, 2003 16:28:30.762 - (TCP) 217.226.102.87 : 4577 >>> 68.144.128.104 : 445 SQL Server Scan
Dec 31, 2003 16:28:30.783 - (TCP) 217.226.102.87 : 1043 >>> 68.144.128.104 : 139 SQL Server Scan
Dec 31, 2003 16:28:36.701 - (TCP) 217.226.102.87 : 1043 >>> 68.144.128.104 : 139 SQL Server Scan
Dec 31, 2003 16:28:36.791 - (TCP) 217.226.102.87 : 4577 >>> 68.144.128.104 : 445 SQL Server Scan

I guess even script kiddies get tired of hitting their head against the same brick. I wonder what he will try next?

Blake
--
Vendor: Firewall Logging Software »www.SonicLogger.com - SonicWall and 3Com »www.LinkLogger.com - Linksys, Netgear and Zyxel
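
Added example (not part of the post above and not Link Logger's own code): a small parser for the log format shown in the post that groups attempts by source and flags a source that starts on TCP 1433 and then moves to 139/445. It classifies by destination port because the log labels every line "SQL Server Scan", including the 139 and 445 hits; the service names and the reading of repeated source ports as retries are assumptions of this example.

```python
import re
from collections import defaultdict
from datetime import datetime

# Lines copied from the post above; the elided middle section is not reconstructed.
SAMPLE = """\
Dec 31, 2003 16:27:27.692 - (TCP) 217.226.102.87 : 4006 >>> 68.144.128.104 : 1433 SQL Server Scan
Dec 31, 2003 16:28:27.057 - (TCP) 217.226.102.87 : 4572 >>> 68.144.128.104 : 1433 SQL Server Scan
Dec 31, 2003 16:28:27.828 - (TCP) 217.226.102.87 : 4577 >>> 68.144.128.104 : 445 SQL Server Scan
Dec 31, 2003 16:28:27.848 - (TCP) 217.226.102.87 : 1043 >>> 68.144.128.104 : 139 SQL Server Scan
Dec 31, 2003 16:28:28.219 - (TCP) 217.226.102.87 : 4582 >>> 68.144.128.104 : 1433 SQL Server Scan
Dec 31, 2003 16:28:30.762 - (TCP) 217.226.102.87 : 4577 >>> 68.144.128.104 : 445 SQL Server Scan
Dec 31, 2003 16:28:30.783 - (TCP) 217.226.102.87 : 1043 >>> 68.144.128.104 : 139 SQL Server Scan
Dec 31, 2003 16:28:36.701 - (TCP) 217.226.102.87 : 1043 >>> 68.144.128.104 : 139 SQL Server Scan
Dec 31, 2003 16:28:36.791 - (TCP) 217.226.102.87 : 4577 >>> 68.144.128.104 : 445 SQL Server Scan
"""

LINE = re.compile(
    r"^(?P<ts>\w{3} \d{1,2}, \d{4} \d{2}:\d{2}:\d{2}\.\d{3}) - \((?P<proto>\w+)\) "
    r"(?P<src>[\d.]+) : (?P<sport>\d+) >>> (?P<dst>[\d.]+) : (?P<dport>\d+)\s*(?P<label>.*)$"
)
SERVICES = {1433: "mssql", 139: "netbios-ssn", 445: "smb"}  # names chosen for this example

def parse(text):
    """Yield (timestamp, src, sport, dst, dport) per well-formed line; skip anything else."""
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if m:
            ts = datetime.strptime(m["ts"], "%b %d, %Y %H:%M:%S.%f")
            yield ts, m["src"], int(m["sport"]), m["dst"], int(m["dport"])

def summarize(text):
    """Per source: log lines per service, distinct source ports, first-seen service order."""
    out = defaultdict(lambda: {"hits": defaultdict(int), "conns": defaultdict(set), "order": []})
    for ts, src, sport, dst, dport in sorted(parse(text)):
        svc = SERVICES.get(dport, str(dport))  # trust the port, not the logger's label
        rec = out[src]
        rec["hits"][svc] += 1
        rec["conns"][svc].add(sport)  # assumption: a repeated source port is a retry, not a new attempt
        if svc not in rec["order"]:
            rec["order"].append(svc)
    return out

def pivoted(rec):
    """True when a source first seen on MSSQL later probes the file-sharing ports."""
    order = rec["order"]
    return bool(order) and order[0] == "mssql" and any(s in order for s in ("netbios-ssn", "smb"))
```

On the sample, the nine lines reduce to three distinct MSSQL connections plus one connection each to 445 and 139 that was retried twice, which is a more useful count for alerting than raw line totals.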
