|
North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: New worm / port 1434?
At 02:45 AM 1/25/2003 -0600, Jack Bates wrote: Thanks, I have blocked the infected hosts in my customer colo space. Its an eye opener how much traffic they generate on the local collision domain they are on :-(From: "Mike Tancsa" > > > Yes, I am seeing this big time. Are you sure its SQL server ? Thats > normally 1433 no ? Are there any other details somewhere about this ? > <snip> All MS SQL servers listen to 1434 reguardless of the other ports they listen on. Depending on configuration depends on what other ports it uses (due to various security models), but 1434 is a constant in all configurations according to a quick search and a read on the last MS SQL vulnerability found in 7/2002. ---Mike -------------------------------------------------------------------- Mike Tancsa, tel +1 519 651 3400 Sentex Communications, [email protected] Providing Internet since 1994 www.sentex.net Cambridge, Ontario Canada www.sentex.net/mike
|