Our bandwidth usage tripled since this started happening. We get
about 1 new attack daily. To stop the attacks we either block the IPs
on the router or email the ISP to get the guy off the network. This
is happening to every SQL server on the network. Seems to be scanning
for open port 1433.
Example;
TCP 229.133.145.237:1433 65.203.118.170:36950 TIME_WAIT
TCP 229.133.145.237:1433 65.203.118.170:36975 TIME_WAIT
TCP 229.133.145.237:1433 65.203.118.170:37028 TIME_WAIT
TCP 229.133.145.237:1433 65.203.118.170:37058 TIME_WAIT
TCP 229.133.145.237:1433 65.203.118.170:37101 TIME_WAIT
TCP 229.133.145.237:1433 65.203.118.170:37112 TIME_WAIT
TCP 229.133.145.237:1433 65.203.118.170:37182 TIME_WAIT
TCP 229.133.145.237:1433 65.203.118.170:37204 TIME_WAIT
TCP 229.133.145.237:1433 65.203.118.170:37255 TIME_WAIT
TCP 229.133.145.237:1433 65.203.118.170:37282 TIME_WAIT
TCP 229.133.145.237:1433 65.203.118.170:37326 TIME_WAIT
TCP 229.133.145.237:1433 65.203.118.170:37357 TIME_WAIT
TCP 229.133.145.237:1433 65.203.118.170:37409 TIME_WAIT
TCP 229.133.145.237:1433 65.203.118.170:37438 TIME_WAIT
TCP 229.133.145.237:1433 65.203.118.170:37484 TIME_WAIT
TCP 229.133.145.237:1433 65.203.118.170:37519 TIME_WAIT
TCP 229.133.145.237:1433 65.203.118.170:37567 TIME_WAIT
TCP 229.133.145.237:1433 65.203.118.170:37579 TIME_WAIT
TCP 229.133.145.237:1433 65.203.118.170:37640 TIME_WAIT
TCP 229.131.145.234:1433 65.203.118.170:37649 TIME_WAIT
TCP 229.133.145.237:1433 65.203.118.170:37723 TIME_WAIT
TCP 229.133.145.237:1433 65.203.118.170:37744 TIME_WAIT
TCP 229.133.145.237:1433 65.203.118.170:37804 TIME_WAIT
TCP 229.133.145.237:1433 65.203.118.170:37815 TIME_WAIT
TCP 229.133.145.237:1433 65.203.118.170:37890 TIME_WAIT
TCP 229.133.145.237:1433 65.203.118.170:37901 TIME_WAIT
TCP 229.133.145.237:1433 65.203.118.170:37963 TIME_WAIT
TCP 229.133.145.237:1433 65.203.118.170:37971 TIME_WAIT
TCP 229.133.145.237:1433 65.203.118.170:38045 TIME_WAIT
TIA!It seems that you scan them... Please post more details
Bojidar Alexandrov
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment