New worm / port 1434?

• Previous message (by thread): New worm / port 1434?
• Next message (by thread): New worm / port 1434?
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

At 02:45 AM 1/25/2003 -0600, Jack Bates wrote:
>From: "Mike Tancsa"
>
> >
> >
> > Yes, I am seeing this big time.  Are you sure its SQL server ?  Thats
> > normally 1433 no ?  Are there any other details somewhere about this ?
> >
><snip>
>
>All MS SQL servers listen to 1434 reguardless of the other ports they listen
>on. Depending on configuration depends on what other ports it uses (due to
>various security models), but 1434 is a constant in all configurations
>according to a quick search and a read on the last MS SQL vulnerability
>found in 7/2002.

Thanks, I have blocked the infected hosts in my customer colo space.  Its 
an eye opener how much traffic they generate on the local collision domain 
they are on :-(

         ---Mike
--------------------------------------------------------------------
Mike Tancsa,                          	          tel +1 519 651 3400
Sentex Communications,     			  mike at sentex.net
Providing Internet since 1994                    www.sentex.net
Cambridge, Ontario Canada			  www.sentex.net/mike

• Previous message (by thread): New worm / port 1434?
• Next message (by thread): New worm / port 1434?
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]