[nsp-sec] Strong Increase in port 1433/tcp
Eli Dart
dart at es.net
Mon Mar 2 14:12:23 EST 2009
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Did someone remove their network-level filters for SQL slammer?
--eli
Klaus Moeller wrote:
> ----------- nsp-security Confidential --------
>
>
>
> ------------------------------------------------------------------------
>
> Hi teams,
>
> Our darknet (and SANS ISC) too see a strong increase (8 fold now) in src ip
> addresses accessing port 1433/tcp (MS-SQL). Overall traffic to that port
> (flows, packets, bytes) does not seem to increase, at least not much.
>
> Any idea what may be the cause?
>
> Currently, I have no meaningful packet capture, as we get only SYN packets
> in our darknet. I'm working on getting a better packet dump.
>
> Best regards,
> Klaus Möller, DFN-CERT
>
>
>
> ------------------------------------------------------------------------
>
>
>
> _______________________________________________
> nsp-security mailing list
> nsp-security at puck.nether.net
> https://puck.nether.net/mailman/listinfo/nsp-security
>
> Please do not Forward, CC, or BCC this E-mail outside of the nsp-security
> community. Confidentiality is essential for effective Internet security counter-measures.
> _______________________________________________
- --
Eli Dart NOC: (510) 486-5629
ESnet Network Engineering Group (800) 333-7638
Lawrence Berkeley National Laboratory
PGP Key fingerprint = C970 F8D3 CFDD 8FFF 5486 343A 2D31 4478 5F82 B2B3
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (FreeBSD)
iEYEARECAAYFAkmsL5cACgkQLTFEeF+CsrOoswCfYKNZ+D2vUBa0nej64pz2tKND
xYEAnje6auNFl4Z++V+jCWHeUM9kh86f
=H5Zr
-----END PGP SIGNATURE-----
More information about the nsp-security
mailing list