[nsp-sec] Strong Increase in port 1433/tcp

Klaus Moeller moeller at dfn-cert.de
Mon Mar 2 11:41:46 EST 2009


Hi teams,

Our darknet (and SANS ISC too) sees a strong increase (8-fold now) in src IP 
addresses accessing port 1433/tcp (MS-SQL). Overall traffic to that port 
(flows, packets, bytes) does not seem to increase, at least not much.

Any idea what may be the cause?

Currently, I have no meaningful packet capture, as we get only SYN packets 
in our darknet. I'm working on getting a better packet dump.

Best regards,
		Klaus Möller, DFN-CERT

-- 
Dipl. Inform. Klaus Moeller (Incident Response Team)
Phone: +49 40 808077-555, Fax: +49 40 808077-556

DFN-CERT Services GmbH, https://www.dfn-cert.de,  Phone  +49 40 808077-555
Sitz / Register: Hamburg, AG Hamburg, HRB 88805,  Ust-IdNr.:  DE 232129737
Sachsenstrase 5, 20097 Hamburg/Germany, CEO: Dr. Klaus-Peter Kossakowski

                      16. DFN-Workshop Sicherheit in vernetzten Systemen
                                         https://www.dfn-cert.de/ws2009/