[lug] port 1433
Chip Atkinson
chip at rmpg.org
Tue Aug 13 16:31:16 MDT 2002
I think it's a scan. The IP address that you show, 211.244.220.87,
appears to be from Korea. I pinged the address and then ran traceroute to it.
Also, ARIN showed that it was from the Asia Pacific Network Information
Center. Check out
http://ws.arin.net/cgi-bin/whois.pl?queryinput=211.244.220.87
If you are not running a public MySQL server, you should probably just
block this port entirely at your machine/firewall.
Chip
On Tue, 13 Aug 2002, j davis wrote:
> Hello,
> For the last few months I have been getting TCP requests from the internet
> to port 1433...mysql. I don't have any SQL servers running on the box in
> question.
> Is this a scan for an exploit...or is this just a box spewing out random
> crap?
>
> Aug 13 03:56:54 www kernel: IPT INT>FIRE:IN=eth0 OUT= MAC=00:01:02:8f:de:db:00:30:85:e5:b7:64:08:00 SRC=211.244.220.87 DST=10.0.0.2 LEN=48 TOS=0x00 PREC=0x00 TTL=106 ID=28391 DF PROTO=TCP SPT=1551 DPT=1433 WINDOW=16384 RES=0x00 SYN URGP=0
> Aug 13 03:56:57 www kernel: IPT INT>FIRE:IN=eth0 OUT= MAC=00:01:02:8f:de:db:00:30:85:e5:b7:64:08:00 SRC=211.244.220.87 DST=10.0.0.2 LEN=48 TOS=0x00 PREC=0x00 TTL=106 ID=28634 DF PROTO=TCP SPT=1551 DPT=1433 WINDOW=16384 RES=0x00 SYN URGP=0
> Aug 13 03:57:03 www kernel: IPT INT>FIRE:IN=eth0 OUT= MAC=00:01:02:8f:de:db:00:30:85:e5:b7:64:08:00 SRC=211.244.220.87 DST=10.0.0.2 LEN=48 TOS=0x00 PREC=0x00 TTL=106 ID=29113 DF PROTO=TCP SPT=1551 DPT=1433 WINDOW=16384 RES=0x00 SYN URGP=0
>
>
> thanks,
> jd
>
> jd at taproot.bz
> http://www.taproot.bz
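An added example, not part of either message in the thread: a small parser for the iptables LOG entries quoted above that groups bare SYN packets by (SRC, SPT, DST, DPT), so repeated entries for one connection attempt can be told apart from separate probes. The three quoted entries share one source port and are spaced 3 and 6 seconds apart, which is consistent with a single attempt whose SYN was retransmitted with backoff. The function names and the year 2002 (taken from the mail date, since syslog timestamps carry no year) are assumptions of this example.

```python
import re
from collections import defaultdict
from datetime import datetime

# The three log entries quoted in the thread, each rejoined onto one line.
_TAIL = " DF PROTO=TCP SPT=1551 DPT=1433 WINDOW=16384 RES=0x00 SYN URGP=0"
_HEAD = (" www kernel: IPT INT>FIRE:IN=eth0 OUT= "
         "MAC=00:01:02:8f:de:db:00:30:85:e5:b7:64:08:00 SRC=211.244.220.87 "
         "DST=10.0.0.2 LEN=48 TOS=0x00 PREC=0x00 TTL=106 ID=")
SAMPLE = [
    "Aug 13 03:56:54" + _HEAD + "28391" + _TAIL,
    "Aug 13 03:56:57" + _HEAD + "28634" + _TAIL,
    "Aug 13 03:57:03" + _HEAD + "29113" + _TAIL,
]

FIELD = re.compile(r"(\w+)=(\S*)")
STAMP = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d)")
FLAG = re.compile(r"\b(SYN|ACK|FIN|RST|PSH|URG)\b")

def parse_line(line, year=2002):
    """Return (timestamp, fields, tcp_flags) for one LOG line, else None."""
    m = STAMP.match(line)
    if not m or "SRC=" not in line:
        return None
    ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
    return ts, dict(FIELD.findall(line)), set(FLAG.findall(line))

def syn_flows(lines, year=2002):
    """Map (SRC, SPT, DST, DPT) -> sorted timestamps of SYN-only packets."""
    flows = defaultdict(list)
    for line in lines:
        parsed = parse_line(line, year)
        if parsed is None:
            continue
        ts, f, flags = parsed
        if f.get("PROTO") == "TCP" and flags == {"SYN"}:
            flows[(f["SRC"], int(f["SPT"]), f["DST"], int(f["DPT"]))].append(ts)
    return {k: sorted(v) for k, v in flows.items()}

def summarize(flows):
    """Per source: distinct attempts, ports targeted, per-attempt gaps (s)."""
    out = defaultdict(lambda: {"attempts": 0, "ports": set(), "gaps": []})
    for (src, _spt, _dst, dpt), ts in flows.items():
        out[src]["attempts"] += 1
        out[src]["ports"].add(dpt)
        out[src]["gaps"].append(
            [int((b - a).total_seconds()) for a, b in zip(ts, ts[1:])])
    return dict(out)

if __name__ == "__main__":
    for src, s in summarize(syn_flows(SAMPLE)).items():
        print(src, s["attempts"], sorted(s["ports"]), s["gaps"])
```

Run over a longer stretch of the same log, many attempts from one source across many ports or destination hosts point to a sweep, while a single attempt with doubling gaps is one unanswered connection.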