RE: Red Alert - sharp increase port 1433 (MS SQL) scansYes.. I see it as well.. :-( ( (From large number of Multiple Hosts (saw 10 unique machines within about 3 mins), portscanning entire netblocks). 13.317297 x.x.x.x -> 210.54.13.184 TCP 2428 > 1433 [SYN] Seq=4121127920 Ack=0 Win=16384 Len=0 13.317301 x.x.x.x -> 210.54.13.168 TCP 2412 > 1433 [SYN] Seq=4120301305 Ack=0 Win=16384 Len=0 13.317304 x.x.x.x -> 210.54.13.190 TCP 2434 > 1433 [SYN] Seq=4121425987 Ack=0 Win=16384 Len=0 13.317308 x.x.x.x -> 210.54.13.162 TCP 2406 > 1433 [SYN] Seq=4119999237 Ack=0 Win=16384 Len=0 13.317311 x.x.x.x -> 210.54.13.178 TCP 2422 > 1433 [SYN] Seq=4120812200 Ack=0 Win=16384 Len=0 13.317314 x.x.x.x -> 210.54.13.187 TCP 2431 > 1433 [SYN] Seq=4121284990 Ack=0 Win=16384 Len=0 13.317405 x.x.x.x -> 210.54.13.165 TCP 2409 > 1433 [SYN] Seq=4120137569 Ack=0 Win=16384 Len=0 13.318071 x.x.x.x -> 210.54.13.175 TCP 2419 > 1433 [SYN] Seq=4120667208 Ack=0 Win=16384 Len=0 13.318077 x.x.x.x -> 210.54.13.181 TCP 2425 > 1433 [SYN] Seq=4120952009 Ack=0 Win=16384 Len=0 ----- Original Message ----- From: Michael Bordignon To: nznog(a)list.waikato.ac.nz Sent: Tuesday, May 21, 2002 4:19 PM Subject: RE: Red Alert - sharp increase port 1433 (MS SQL) scans we've been getting alot of these too - 3 connections from each host, 21 so far (all today, between 11am and 4pm) - michael -----Original Message----- From: Arjen De Landgraaf [mailto:arjen.de.landgraaf(a)cologic.co.nz] Sent: Tuesday, 21 May 2002 3:44 PM To: nznog(a)list.waikato.ac.nz Subject: Red Alert - sharp increase port 1433 (MS SQL) scans Importance: High We just issued a "Red Alert" on a rapid and sharp increase in port 1433 TCP probes. If you have MS SQL Server behind web services, you should monitor. Further information will be available shortly under newsitems at: www.e-secure-it.us www.e-secure-it.co.nz Arjen de Landgraaf E-Secure-IT - To unsubscribe from nznog, send email to majordomo(a)list.waikato.ac.nz where the body of your message reads: unsubscribe nznog