Wilders Security Forums  

Go Back   Wilders Security Forums > Other Security Topics > other security issues & news
Reload this Page MS server port under hack attack
User Name
Password
Register FAQ Members List Calendar Search Today's Posts Mark Forums Read

 
 
Thread Tools Search this Thread
  #1  
Old May 21st, 2002, 04:46 PM
spy1's Avatar
spy1 spy1 is offline
Massive Poster
  
Join Date: Dec 2002
Location: Clover, SC
Posts: 3,129
Default MS server port under hack attack
"By James Middleton [21-05-2002]

Administrators should check SQL server security

Security watchers have warned of a huge increase in the number of connection attempts made on port 1433, the Microsoft SQL server port, in the last 24 hours.

An advisory released this morning by security firm Trend Micro said that the significant increase in connection attempts could signify hack attacks.

The company said that firewall logs at customer sites revealed that the attacks started to rocket yesterday (May 20).

Indeed, a quick glance at the "top ten ports under attack" list on the Sans Institute's Internet Storm Centre website shows port 1433 at number five.

Connection attempts on the Microsoft SQL server port usually number between zero and three per cent, according to the Internet Storm Centre, but yesterday they leapt into the red at 57 per cent.

"The connection attempts look like a hacking attack; at first a MSSQL handshake is transferred, which is not unusual," said the Trend Micro advisory. "But afterwards, a second packet is sent, and this packet is an attempt to login to the MSSQL server, using the account name 'sa' and an empty password. This is the default authentication set-up for MSSQL installation."

Neither the source of these attacks nor the motives behind them have yet been determined. But the increase in attacks on port 1433 should serve as a warning to administrators to check the security of SQL server installations.

On 17 April, Microsoft issued an advisory about an unchecked buffer in extended procedure functions in the SQL server that could have allowed attackers to run arbitrary code on the system.

It is possible that this latest attack could have been carried out by someone looking to exploit this vulnerability."

__________________
"When fascism comes to America it will come wrapped in the flag and carrying a cross." Sinclair Lewis
  #2  
Old May 24th, 2002, 04:03 PM
spy1's Avatar
spy1 spy1 is offline
Massive Poster
  
Join Date: Dec 2002
Location: Clover, SC
Posts: 3,129
Default Re: MS server port under hack attack
http://www.theregus.com/content/55/25019.html

http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/default.asp (use IE to view).

https://gtoc.iss.net/index.php

(This is basically an NT/W2k issue for people involved with SQL servers - SYSADMINS, IOW).
__________________
"When fascism comes to America it will come wrapped in the flag and carrying a cross." Sinclair Lewis
 

Wilders Security Forums > Other Security Topics > other security issues & news « Previous Thread | Next Thread »

Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Settings
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump


All times are GMT -4. The time now is 03:58 AM.

Contact Us - SSL - Wilders Security - Archive - TOS/Privacy - Top

Powered by vBulletin® Copyright ©2000 - 2013, Jelsoft Enterprises Ltd.
Copyright ©2002 - 2013, Wilders Security Forums