There was a new vulnerability discovered for mssql a coupla weeks ago, allowed execution of arbitrary code etc... all the usuals :-)
jeremyb. -----Original Message----- From: Chris Hellyar [mailto:[EMAIL PROTECTED]] Sent: Tuesday, 18 June 2002 9:02 p.m. To: Michael Beattie; [EMAIL PROTECTED] Subject: firewall logs, was :Re: Apache vulnerability Not really a Linux topic, but while we're on the subject of vulnerabilities.. Someone obviously thinks my server is an IIS machine with MS-SQL on it, as in the last 24 hours I've had 1210 logged attempts at connecting, and my firewall logging is rate limited... All of them from a Chinese netblock. Obviously something is rotten in the state of sql for someone to try that many times.. Very odd though, as I've never run IIS. Anyone else seeing lots of these packets? ie: is this script kiddies scanning netblocks a lot, or does someone thing I'm running ms-sql? They are tcp syn packets, dst port of 1433, largeish ttl's (104 - 120) and 48 bytes long. Cheers, me. ----- Original Message ----- From: "Michael Beattie" > On Tue, Jun 18, 2002 at 12:45:27PM +1200, Chris Hellyar wrote: > > No patch yet either, Man the pumps! :-). > > http://cvs.apache.org/viewcvs.cgi/apache-1.3/src/main/http_protocol.c > > Mike. > -- > Michael Beattie <[EMAIL PROTECTED]> > > "In the beginning the Universe was created. This has made a lot of people > very angry and been widely regarded as a bad move." - Douglas Adams >
