Threat Level: green Handler on Duty: Rob VandenBrink

SANS ISC: InfoSec Handlers Diary Blog - Internet Storm Center Diary 2007-07-04 InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Port 1433 scanning

Published: 2007-07-04
Last Updated: 2007-07-04 12:09:07 UTC
by Mark Hofman (Version: 1)
0 comment(s)

Update

A reader suggested that the increased activity on various ports such as 5900, 1433 and some others may be related to the release of the ya bot source code early June, as it includes scans for those ports.  A quick check of the source code confirms the ability and changing the ports seems trivial which may account for the scans to port 5901 mentioned earlier.

------------------------

There has been an increase in activity to port 1433 in the last day or so. 

http://isc.sans.org/port.html?port=1433

As you'll be able to see from the graph it eased off a little bit, but still significantly higher than it has been recently. 

Port 1433 is generally used by MSSQL, if you happen to grab a few packets pass them along please.  If you have the port open and you receive a delivery please pass that along as well.  It would be interesting to see if this is new or not.

With all the activity on the net at the moment you'd think there is a public holiday or something. 
To all those in the US, enjoy the 4th of July.

 

Mark - Shearwater

Keywords:
0 comment(s)
Diary Archives