Snort alerts from our resident Honeywall! Even though we are currently running MySQL as our flypaper, there are sk's running relentless MS-SQL attempts. This is data material, but I thought that it would be of nominal interest nonetheless.
[**] [1:2003:8] MS-SQL Worm propagation attempt [**]
[Classification: Misc Attack] [Priority: 2]
08/14-07:35:43.418518 10.10.10.254:2456 -> 10.1.4.3:1434
UDP TTL:110 TOS:0x20 ID:24321 IpLen:20 DgmLen:404
Len: 376
[Xref => http://vil.nai.com/vil/content/v_99992.htm][Xref =>
http://cgi.nessus.org/plugins/dump.php3?id=11214][Xref =>
http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0649][Xref =>
http://www.securityfocus.com/bid/5311][Xref =>
http://www.securityfocus.com/bid/5310 ]
[**] [1:2004:7] MS-SQL Worm propagation attempt OUTBOUND [**]
[Classification: Misc Attack] [Priority: 2]
08/14-07:35:43.418518 10.10.10.254:2456 -> 10.1.4.3:1434
UDP TTL:110 TOS:0x20 ID:24321 IpLen:20 DgmLen:404
Len: 376
[Xref => http://vil.nai.com/vil/content/v_99992.htm][Xref =>
http://cgi.nessus.org/plugins/dump.php3?id=11214][Xref =>
http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0649][Xref =>
http://www.securityfocus.com/bid/5311][Xref =>
http://www.securityfocus.com/bid/5310 ]
[**] [1:2050:9] MS-SQL version overflow attempt [**]
[Classification: Misc activity] [Priority: 3]
08/14-07:35:43.418518 10.10.10.254:2456 -> 10.1.4.3:1434
UDP TTL:110 TOS:0x20 ID:24321 IpLen:20 DgmLen:404
Len: 376
[Xref => http://www.microsoft.com/technet/security/bulletin/MS02-039.mspx][Xref
=> http://cgi.nessus.org/plugins/dump.php3?id=10674][Xref =>
http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0649][Xref =>
http://www.securityfocus.com/bid/5310 ]
[**] [1:2003:8] MS-SQL Worm propagation attempt [**]
[Classification: Misc Attack] [Priority: 2]
08/14-15:28:04.702026 218.232.95.60:3664 -> 10.1.4.3:1434
UDP TTL:108 TOS:0x20 ID:34162 IpLen:20 DgmLen:404
Len: 376
[Xref => http://vil.nai.com/vil/content/v_99992.htm][Xref =>
http://cgi.nessus.org/plugins/dump.php3?id=11214][Xref =>
http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0649][Xref =>
http://www.securityfocus.com/bid/5311][Xref =>
http://www.securityfocus.com/bid/5310 ]
[**] [1:2004:7] MS-SQL Worm propagation attempt OUTBOUND [**]
[Classification: Misc Attack] [Priority: 2]
08/14-15:28:04.702026 218.232.95.60:3664 -> 10.1.4.3:1434
UDP TTL:108 TOS:0x20 ID:34162 IpLen:20 DgmLen:404
Len: 376
[Xref => http://vil.nai.com/vil/content/v_99992.htm][Xref =>
http://cgi.nessus.org/plugins/dump.php3?id=11214][Xref =>
http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0649][Xref =>
http://www.securityfocus.com/bid/5311][Xref =>
http://www.securityfocus.com/bid/5310 ]
[**] [1:2050:9] MS-SQL version overflow attempt [**]
[Classification: Misc activity] [Priority: 3]
08/14-15:28:04.702026 218.232.95.60:3664 -> 10.1.4.3:1434
UDP TTL:108 TOS:0x20 ID:34162 IpLen:20 DgmLen:404
Len: 376
[Xref => http://www.microsoft.com/technet/security/bulletin/MS02-039.mspx][Xref
=> http://cgi.nessus.org/plugins/dump.php3?id=10674][Xref =>
http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0649][Xref =>
http://www.securityfocus.com/bid/5310 ]
[**] [1:2003:8] MS-SQL Worm propagation attempt [**]
[Classification: Misc Attack] [Priority: 2]
08/14-15:42:58.867441 202.106.102.195:1071 -> 10.1.4.3:1434
UDP TTL:108 TOS:0x20 ID:24341 IpLen:20 DgmLen:404
Len: 376
[Xref => http://vil.nai.com/vil/content/v_99992.htm][Xref =>
http://cgi.nessus.org/plugins/dump.php3?id=11214][Xref =>
http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0649][Xref =>
http://www.securityfocus.com/bid/5311][Xref =>
http://www.securityfocus.com/bid/5310 ]
[**] [1:2004:7] MS-SQL Worm propagation attempt OUTBOUND [**]
[Classification: Misc Attack] [Priority: 2]
08/14-15:42:58.867441 202.106.102.195:1071 -> 10.1.4.3:1434
UDP TTL:108 TOS:0x20 ID:24341 IpLen:20 DgmLen:404
Len: 376
[Xref => http://vil.nai.com/vil/content/v_99992.htm][Xref =>
http://cgi.nessus.org/plugins/dump.php3?id=11214][Xref =>
http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0649][Xref =>
http://www.securityfocus.com/bid/5311][Xref =>
http://www.securityfocus.com/bid/5310 ]
[**] [1:2050:9] MS-SQL version overflow attempt [**]
[Classification: Misc activity] [Priority: 3]
08/14-15:42:58.867441 202.106.102.195:1071 -> 10.1.4.3:1434
UDP TTL:108 TOS:0x20 ID:24341 IpLen:20 DgmLen:404
Len: 376
[Xref => http://www.microsoft.com/technet/security/bulletin/MS02-039.mspx][Xref
=> http://cgi.nessus.org/plugins/dump.php3?id=10674][Xref =>
http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0649][Xref =>
http://www.securityfocus.com/bid/5310 ]
[**] [1:2003:8] MS-SQL Worm propagation attempt [**]
[Classification: Misc Attack] [Priority: 2]
08/14-19:15:19.388509 221.195.73.84:1042 -> 10.1.4.3:1434
UDP TTL:109 TOS:0x20 ID:47455 IpLen:20 DgmLen:404
Len: 376
[Xref => http://vil.nai.com/vil/content/v_99992.htm][Xref =>
http://cgi.nessus.org/plugins/dump.php3?id=11214][Xref =>
http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0649][Xref =>
http://www.securityfocus.com/bid/5311][Xref =>
http://www.securityfocus.com/bid/5310 ]
[**] [1:2004:7] MS-SQL Worm propagation attempt OUTBOUND [**]
[Classification: Misc Attack] [Priority: 2]
08/14-19:15:19.388509 221.195.73.84:1042 -> 10.1.4.3:1434
UDP TTL:109 TOS:0x20 ID:47455 IpLen:20 DgmLen:404
Len: 376
[Xref => http://vil.nai.com/vil/content/v_99992.htm][Xref =>
http://cgi.nessus.org/plugins/dump.php3?id=11214][Xref =>
http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0649][Xref =>
http://www.securityfocus.com/bid/5311][Xref =>
http://www.securityfocus.com/bid/5310 ]
[**] [1:2050:9] MS-SQL version overflow attempt [**]
[Classification: Misc activity] [Priority: 3]
08/14-19:15:19.388509 221.195.73.84:1042 -> 10.1.4.3:1434
UDP TTL:109 TOS:0x20 ID:47455 IpLen:20 DgmLen:404
Len: 376
[Xref => http://www.microsoft.com/technet/security/bulletin/MS02-039.mspx][Xref
=> http://cgi.nessus.org/plugins/dump.php3?id=10674][Xref =>
http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0649][Xref =>
http://www.securityfocus.com/bid/5310 ]