Increase In Microsoft-SQL-Server Scans?

Discussion in 'other firewalls' started by suzy software, May 21, 2002.

Thread Status:
Not open for further replies.
  1. Has anyone else noticed an increase in Microsoft-SQL-Server scans while using Zone Alarm?

    Over the past 3-4 days I've received a ton of inbound Microsoft-SQL-Server scans.

    What are they and why so many now?

    I'm using Zone Alarm 2.6.88 and Visual Zone to read my logfiles.

    Thanks for any info.
     
  2. FanJ

    FanJ Guest

    Hi Suzy,

    Welcome !

    See also here, where something was posted about it:

    http://www.security-pro.co.uk/yabb/YaBB.pl?board=osif;action=display;num=1022006809
     
  3. UNICRON

    UNICRON Technical Expert

    Joined:
    Feb 14, 2002
    Posts:
    1,935
    Location:
    Nanaimo BC Canada
    I just checked my router logs. Wow, what is normally an unrelenting sub7 port 27374 barrage is now a MS SQL Server barrage. 6 of one, half doz of the other I guess. Seems like the amount of scans hasn't changed all that much. Makes me think the people who normally scan for sub7 have changed to SQL Server.

    2 years ago it was an IIS vulnerability that gave away the sa password without argument. I had a lot of fun with that one.
     
  4. Thanks for the link.  It helped.
     
  5. RedHoney

    RedHoney Guest

    Hi all!

    I've been using NeoWatch as my firewall for several years now. I have to say, I've tried them all but NW is by far the best investment of $40 I've made. I have been SWAMPED with SQL server scans lately...as many as 10-12 in a few hours! Fortunately, NW allows me to simply ban the offending IP (after I use their 'report this event' option). That seemed to slow down the barrage somewhat from power-scanners that show up frequently.

    Does anyone know who started this awful trend and why?  o_O
     
  6. Raygun

    Raygun Registered Member

    Joined:
    Apr 24, 2002
    Posts:
    31
    Location:
    The Beach!
    I was wondering why they don't just block or ban the IP. Hell, I run the new BlackIce PC Protection (BIP for short) and I can easily block an IP. I hope you can do that in ZA?
     
  7. UNICRON

    UNICRON Technical Expert

    Joined:
    Feb 14, 2002
    Posts:
    1,935
    Location:
    Nanaimo BC Canada
    It really makes no difference. If you don't use SQL server, and I bet 99% of the people here do not, then the scans are harmless. Whether you ban the IP or not, you are still losing bandwidth to the scan regardless.

    If you DO use SQL server, and have it exposed to the internet instead of having it attached to your back end on a private network, then you probably could use some skills upgrades. If you use SQL Server and have it exposed to the net AND have NO PASSWORD (these things have to happen for this threat to be harmful) then you pretty much deserve to be plagued.

    Who could be that stupid?
     