Penetration Testing mailing list archives
Re: Port 1443
From: "Jamie Riden" <jamie.riden () gmail com>
Date: Fri, 22 Dec 2006 17:15:26 +1300
On 22/12/06, Richards, Jim <jim.richards () dot state wi us> wrote:
Isn't that the admin port for sql-server
[resend, bounced due to nonsubcribed address] Nearly. Slammer exploited a flaw in SQL server on 1434/udp. SQL server also uses 1433/tcp IIRC. "The worm targeting SQL Server computers is self-propagating malicious code that exploits the vulnerability described in VU#484891 (CAN-2002-0649). This vulnerability allows for the execution of arbitrary code on the SQL Server computer due to a stack buffer overflow. Once the worm compromises a machine, it will try to propagate itself. The worm will craft packets of 376-bytes and send them to randomly chosen IP addresses on port 1434/udp. If the packet is sent to a vulnerable machine, this victim machine will become infected and will also begin to propagate. Beyond the scanning activity for new hosts, the current variant of this worm has no other payload." -- http://www.cert.org/advisories/CA-2003-04.html cheers, Jamie -- Jamie Riden, CISSP / jamesr () europe com / jamie.riden () gmail com NZ Honeynet project - http://www.nz-honeynet.org/
Current thread:
- Port 1443 kapil assudani (Dec 20)
- RE: Port 1443 Andy Meyers (Dec 20)
- Re: Port 1443 Dan Catalin Vasile (Dec 20)
- Re: Port 1443 Alcides (Dec 20)
- Re: Port 1443 Mark Foster (Dec 21)
- <Possible follow-ups>
- RE: Port 1443 Richards, Jim (Dec 21)
- Message not available
- Re: Port 1443 Jamie Riden (Dec 21)
- Re: Port 1443 Lee Lawson (Dec 22)
- Re: Port 1443 Jamie Riden (Dec 22)
- Message not available