At 02:45 AM 1/25/2003 -0600, Jack Bates wrote:
From: "Mike Tancsa"
Yes, I am seeing this big time. Are you sure its SQL server ? Thats normally 1433 no ? Are there any other details somewhere about this ?
<snip>
All MS SQL servers listen to 1434 reguardless of the other ports they listen on. Depending on configuration depends on what other ports it uses (due to various security models), but 1434 is a constant in all configurations according to a quick search and a read on the last MS SQL vulnerability found in 7/2002.
Thanks, I have blocked the infected hosts in my customer colo space. Its an eye opener how much traffic they generate on the local collision domain they are on :-( ---Mike -------------------------------------------------------------------- Mike Tancsa, tel +1 519 651 3400 Sentex Communications, mike@sentex.net Providing Internet since 1994 www.sentex.net Cambridge, Ontario Canada www.sentex.net/mike