Yes.. I see it as well.. :-( (  (From large number of Multiple Hosts (saw 10 unique machines within about 3 mins), portscanning entire netblocks).
 
13.317297 x.x.x.x -> 210.54.13.184 TCP 2428 > 1433 [SYN] Seq=4121127920 Ack=0 Win=16384 Len=0
 13.317301 x.x.x.x -> 210.54.13.168 TCP 2412 > 1433 [SYN] Seq=4120301305 Ack=0 Win=16384 Len=0
 13.317304 x.x.x.x -> 210.54.13.190 TCP 2434 > 1433 [SYN] Seq=4121425987 Ack=0 Win=16384 Len=0
 13.317308 x.x.x.x -> 210.54.13.162 TCP 2406 > 1433 [SYN] Seq=4119999237 Ack=0 Win=16384 Len=0
 13.317311 x.x.x.x -> 210.54.13.178 TCP 2422 > 1433 [SYN] Seq=4120812200 Ack=0 Win=16384 Len=0
 13.317314 x.x.x.x -> 210.54.13.187 TCP 2431 > 1433 [SYN] Seq=4121284990 Ack=0 Win=16384 Len=0
 13.317405 x.x.x.x -> 210.54.13.165 TCP 2409 > 1433 [SYN] Seq=4120137569 Ack=0 Win=16384 Len=0
 13.318071 x.x.x.x -> 210.54.13.175 TCP 2419 > 1433 [SYN] Seq=4120667208 Ack=0 Win=16384 Len=0
 13.318077 x.x.x.x -> 210.54.13.181 TCP 2425 > 1433 [SYN] Seq=4120952009 Ack=0 Win=16384 Len=0
 
 

 
----- Original Message -----
From: Michael Bordignon
To: nznog@list.waikato.ac.nz
Sent: Tuesday, May 21, 2002 4:19 PM
Subject: RE: Red Alert - sharp increase port 1433 (MS SQL) scans

we've been getting alot of these too - 3 connections from each host, 21 so far (all today, between 11am and 4pm)


- michael

-----Original Message-----
From: Arjen De Landgraaf [mailto:arjen.de.landgraaf@cologic.co.nz]
Sent: Tuesday, 21 May 2002 3:44 PM
To: nznog@list.waikato.ac.nz
Subject: Red Alert - sharp increase port 1433 (MS SQL) scans
Importance: High


We just issued a "Red Alert" on a rapid and sharp increase in port 1433 TCP
probes.
If you have MS SQL Server behind web services, you should monitor.

Further information will be available shortly under newsitems at:

www.e-secure-it.us
www.e-secure-it.co.nz

Arjen de Landgraaf
E-Secure-IT
-
To unsubscribe from nznog, send email to majordomo@list.waikato.ac.nz
where the body of your message reads:
unsubscribe nznog