[lug] port 1433

D. Stimits stimits at idcomm.com
Tue Aug 13 17:08:30 MDT 2002


j davis wrote:
> Hello,
>  for the last few months i have been getting tcp request from the internet
> to port 1433...mysql. I dont have any sql servers running on the box in 
> question..
> is this a scan for a exploit...or is this just a box spewing out random 
> crap.

I am not 100% positive (more like 99%), but I think this is the 
Microsoft SQL, not mysql. Most likely this is an attempt to find an 
exploit, but it won't be an exploit on anything not running Microsoft SQL.

D. Stimits, stimits AT idcomm.com

> 
> Aug 13 03:56:54 www kernel: IPT INT>FIRE:IN=eth0 OUT=
> MAC=00:01:02:8f:de:db:00:30:85:e5:b7:64:08:00 SRC=211.244.220.87 
> DST=10.0.0.2 LEN=48
> TOS=0x00 PREC=0x00 TTL=106 ID=28391 DF PROTO=TCP SPT=1551 DPT=1433 
> WINDOW=16384
> RES=0x00 SYN URGP=0
> Aug 13 03:56:57 www kernel: IPT INT>FIRE:IN=eth0 OUT=
> MAC=00:01:02:8f:de:db:00:30:85:e5:b7:64:08:00 SRC=211.244.220.87 
> DST=10.0.0.2 LEN=48
> TOS=0x00 PREC=0x00 TTL=106 ID=28634 DF PROTO=TCP SPT=1551 DPT=1433 
> WINDOW=16384
> RES=0x00 SYN URGP=0
> Aug 13 03:57:03 www kernel: IPT INT>FIRE:IN=eth0 OUT=
> MAC=00:01:02:8f:de:db:00:30:85:e5:b7:64:08:00 SRC=211.244.220.87 
> DST=10.0.0.2 LEN=48
> TOS=0x00 PREC=0x00 TTL=106 ID=29113 DF PROTO=TCP SPT=1551 DPT=1433 
> WINDOW=16384
> RES=0x00 SYN URGP=0
> 
> 
> thanks,
> jd
> 
> jd at taproot.bz
> http://www.taproot.bz
> 
> _________________________________________________________________
> Join the world's largest e-mail service with MSN Hotmail. 
> http://www.hotmail.com
> 
> _______________________________________________
> Web Page:  http://lug.boulder.co.us
> Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
> Join us on IRC: lug.boulder.co.us port=6667 channel=#colug
> 
> 






More information about the LUG mailing list