[nsp-sec] Strong Increase in port 1433/tcp
Jose Nazario
jose at arbor.net
Mon Mar 2 15:22:34 EST 2009
On Mon, 2 Mar 2009, Smith, Donald wrote:
> w32.dasher used 6000 as a source port and attempted to exploit an
> microsoft swl server vulnerability.
dasher called out to some raptacular third party tool to do the SYN scan.
that tool is hardcoded to use port 6000 as a source port. it's possible
that someone is scanning for 1433/TCP using the same crumy SYN scanner.
-------------------------------------------------------------
jose nazario, ph.d. <jose at arbor.net>
manager of security research arbor networks
v: (734) 821 1427 http://asert.arbor.net/
More information about the nsp-security
mailing list