Strange Port hits

Aaron Grewell agrewell
Mon May 17 11:31:56 PDT 2004


It's really nice that they don't bother to tell you about the blank sa
password during install, eh?  That's the main reason this worm is
effective, because most new SQL server admins don't know about it and
the installer doesn't tell you.  Whoever designed their installer should
be shot.

On Tue, 2002-05-28 at 10:32, Kevin O'Gorman wrote:
> Yeah, that occurred to me, and may be how they did it.  I was still learning
> SQLServer, didn't even know yet that there was an 'SA' account as separate from
> the Windows 'Administrator' account.  So that's likely it.  So I try not
> to be dumb, but it's hard not to be ignorant when I'm always learning new
> things.
> 
> Now it does have a password, as well as a different port.  I hope that's
> enough.
> 
> ++ kevin
> 
> 
> 
> On Tue, May 28, 2002 at 09:58:38AM -0700, Aaron Grewell wrote:
> > Depending on when you installed and what SP you were at, the sa password
> > defaults to being blank.
> > 
> > On Mon, 2002-05-27 at 21:12, Kevin O'Gorman wrote:
> > > Oh, and I read the thing about Spida.  The thing is, I didn't have
> > > any blank passwords on that machine.  I try not to be that dumb.
> > > 
> > > So I still don't know how they got in.
> > > 
> > > ++ kevin
> > > 
> > > 
> > > On Mon, May 27, 2002 at 05:39:07PM -0400, Bruce Marshall wrote:
> > > > I've been getting a lot of hits on port 1433 lately.   This is something new 
> > > > in the last week or so.  Anyone know of anything going on in the dark world 
> > > > of hackers that makes port 1433 a good target?
> > > > 
> > > > The ports list shows that port is for Microsoft-SQL-server....
> > > > 
> > > > -- 
> > > > +----------------------------------------------------------------------------+
> > > > + Bruce S. Marshall  bmarsh at bmarsh.com  Bellaire, MI         05/27/02 17:35  +
> > > > +----------------------------------------------------------------------------+
> > > > "Farming looks easy when your plow is a pencil and you're a thousand miles
> > > >   from a cornfield." - Dwight D. Eisenhower
> > > > 
> > > > _______________________________________________
> > > > Linux-users mailing list - http://linux-sxs.org/mailman/listinfo/linux-users
> > > > Subscribe/Unsubscribe info, Archives, and Digests are located at the above URL.
> > > 
> > > -- 
> > > Kevin O'Gorman  (805) 650-6274  mailto:kevin at kosmanor.com
> > > Permanent e-mail forwarder:  mailto:Kevin.O'Gorman.64 at Alum.Dartmouth.org
> > > At school: mailto:kogorman at cs.ucsb.edu
> > > Web: http://www.cs.ucsb.edu/~kogorman/index.html
> > > Web: http://kosmanor.com/~kevin/index.html
> > > 
> > > "Life is short; eat dessert first!"

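Added example, not part of the thread: one way to confirm from a Linux gateway's firewall log that hits on port 1433 really did start recently, by counting inbound TCP SYNs to that port per day along with the distinct sources. It assumes netfilter `LOG`-style kernel lines; the sample lines, the host name `gw` and the addresses are constructed.

```python
import re
from collections import defaultdict

# Constructed sample (not real traffic): netfilter LOG lines, RFC 5737 addresses.
SAMPLE_LOG = """\
May 20 09:12:44 gw kernel: IN=eth0 OUT= SRC=198.51.100.4 DST=192.0.2.10 PROTO=TCP SPT=4021 DPT=80 WINDOW=8192 SYN URGP=0
May 26 03:02:10 gw kernel: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=3345 DPT=1433 WINDOW=16384 SYN URGP=0
May 26 14:40:51 gw kernel: IN=eth0 OUT= SRC=198.51.100.23 DST=192.0.2.10 PROTO=TCP SPT=1187 DPT=1433 WINDOW=16384 SYN URGP=0
May 27 01:15:09 gw kernel: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=3410 DPT=1433 WINDOW=16384 SYN URGP=0
May 27 01:15:12 gw kernel: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=3410 DPT=1433 WINDOW=16384 SYN URGP=0
May 27 11:58:30 gw kernel: IN=eth0 OUT= SRC=203.0.113.99 DST=192.0.2.10 PROTO=TCP SPT=2250 DPT=1433 WINDOW=8192 SYN URGP=0
May 27 12:00:00 gw kernel: IN=eth0 OUT= SRC=198.51.100.4 DST=192.0.2.10 PROTO=UDP SPT=2301 DPT=1434 LEN=384
May 27 17:20:41 gw sshd[812]: Accepted password for admin from 192.0.2.50 port 1433 ssh2
"""

FIELD = re.compile(r"\b([A-Z]+)=(\S*)")
TCP_FLAGS = ("SYN", "ACK", "RST", "FIN")

def parse_line(line):
    """Parse one firewall LOG line into a dict, or return None for anything else."""
    if " kernel: " not in line:
        return None  # e.g. an sshd line that merely mentions "port 1433"
    fields = dict(FIELD.findall(line))
    if not {"SRC", "PROTO", "DPT"} <= fields.keys():
        return None
    tokens = line.split()
    fields["day"] = " ".join(tokens[:2])  # syslog month and day
    fields["flags"] = {t for t in tokens if t in TCP_FLAGS}
    return fields

def daily_probe_summary(log_text, port=1433):
    """Map each day to (SYN count, sorted distinct sources) for inbound TCP to `port`."""
    days = defaultdict(lambda: {"hits": 0, "sources": set()})
    for line in log_text.splitlines():
        f = parse_line(line)
        if not f or f["PROTO"] != "TCP" or f["DPT"] != str(port):
            continue
        if f["flags"] != {"SYN"}:  # count connection attempts only
            continue
        days[f["day"]]["hits"] += 1
        days[f["day"]]["sources"].add(f["SRC"])
    return {d: (v["hits"], sorted(v["sources"])) for d, v in days.items()}

if __name__ == "__main__":
    for day, (hits, sources) in daily_probe_summary(SAMPLE_LOG).items():
        print(f"{day}: {hits} SYNs to 1433 from {len(sources)} sources: {', '.join(sources)}")
```

Many distinct sources each sending a few SYNs is the pattern a scanning worm produces; a single source with many hits is more likely one misconfigured client.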