[lug] port 1433

Shannon Johnston sjohnston at cavion.com
Tue Aug 13 17:41:54 MDT 2002 

I've seen very similar activity related to the MS-SQLSnake. If you're
not running MS-SQL there should be nothing to worry about. I believe by
default MySQL listens on a different port. (I could be mistaken though.)

Shannon Johnston



On Tue, 2002-08-13 at 17:08, D. Stimits wrote:
> j davis wrote:
> > Hello,
> >  for the last few months i have been getting tcp request from the internet
> > to port 1433...mysql. I dont have any sql servers running on the box in 
> > question..
> > is this a scan for a exploit...or is this just a box spewing out random 
> > crap.
> 
> I am not 100% positive (more like 99%), but I think this is the 
> Microsoft SQL, not mysql. Most likely this is an attempt to find an 
> exploit, but it won't be an exploit on anything not running Microsoft SQL.
> 
> D. Stimits, stimits AT idcomm.com
> 
> > 
> > Aug 13 03:56:54 www kernel: IPT INT>FIRE:IN=eth0 OUT=
> > MAC=00:01:02:8f:de:db:00:30:85:e5:b7:64:08:00 SRC=211.244.220.87 
> > DST=10.0.0.2 LEN=48
> > TOS=0x00 PREC=0x00 TTL=106 ID=28391 DF PROTO=TCP SPT=1551 DPT=1433 
> > WINDOW=16384
> > RES=0x00 SYN URGP=0
> > Aug 13 03:56:57 www kernel: IPT INT>FIRE:IN=eth0 OUT=
> > MAC=00:01:02:8f:de:db:00:30:85:e5:b7:64:08:00 SRC=211.244.220.87 
> > DST=10.0.0.2 LEN=48
> > TOS=0x00 PREC=0x00 TTL=106 ID=28634 DF PROTO=TCP SPT=1551 DPT=1433 
> > WINDOW=16384
> > RES=0x00 SYN URGP=0
> > Aug 13 03:57:03 www kernel: IPT INT>FIRE:IN=eth0 OUT=
> > MAC=00:01:02:8f:de:db:00:30:85:e5:b7:64:08:00 SRC=211.244.220.87 
> > DST=10.0.0.2 LEN=48
> > TOS=0x00 PREC=0x00 TTL=106 ID=29113 DF PROTO=TCP SPT=1551 DPT=1433 
> > WINDOW=16384
> > RES=0x00 SYN URGP=0
> > 
> > 
> > thanks,
> > jd
> > 
> > jd at taproot.bz
> > http://www.taproot.bz
> > 
> > _________________________________________________________________
> > Join the world's largest e-mail service with MSN Hotmail. 
> > http://www.hotmail.com
> > 
> > _______________________________________________
> > Web Page:  http://lug.boulder.co.us
> > Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
> > Join us on IRC: lug.boulder.co.us port=6667 channel=#colug
> > 
> > 
> 
> 
> 
> _______________________________________________
> Web Page:  http://lug.boulder.co.us
> Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
> Join us on IRC: lug.boulder.co.us port=6667 channel=#colug

More information about the LUG mailing list