Showing posts with label router. Show all posts

Monday, March 26, 2012

New SQL worm? Getting multiple, continuous connections from random IPs for last 4 days

Our bandwidth usage tripled since this started happening. We get
about 1 new attack daily. To stop the attacks we either block the IPs
on the router or email the ISP to get the guy off the network. This
is happening to every SQL server on the network. Seems to be scanning
for open port 1433.
Example:
TCP 229.133.145.237:1433 65.203.118.170:36950 TIME_WAIT
TCP 229.133.145.237:1433 65.203.118.170:36975 TIME_WAIT
TCP 229.133.145.237:1433 65.203.118.170:37028 TIME_WAIT
TCP 229.133.145.237:1433 65.203.118.170:37058 TIME_WAIT
TCP 229.133.145.237:1433 65.203.118.170:37101 TIME_WAIT
TCP 229.133.145.237:1433 65.203.118.170:37112 TIME_WAIT
TCP 229.133.145.237:1433 65.203.118.170:37182 TIME_WAIT
TCP 229.133.145.237:1433 65.203.118.170:37204 TIME_WAIT
TCP 229.133.145.237:1433 65.203.118.170:37255 TIME_WAIT
TCP 229.133.145.237:1433 65.203.118.170:37282 TIME_WAIT
TCP 229.133.145.237:1433 65.203.118.170:37326 TIME_WAIT
TCP 229.133.145.237:1433 65.203.118.170:37357 TIME_WAIT
TCP 229.133.145.237:1433 65.203.118.170:37409 TIME_WAIT
TCP 229.133.145.237:1433 65.203.118.170:37438 TIME_WAIT
TCP 229.133.145.237:1433 65.203.118.170:37484 TIME_WAIT
TCP 229.133.145.237:1433 65.203.118.170:37519 TIME_WAIT
TCP 229.133.145.237:1433 65.203.118.170:37567 TIME_WAIT
TCP 229.133.145.237:1433 65.203.118.170:37579 TIME_WAIT
TCP 229.133.145.237:1433 65.203.118.170:37640 TIME_WAIT
TCP 229.131.145.234:1433 65.203.118.170:37649 TIME_WAIT
TCP 229.133.145.237:1433 65.203.118.170:37723 TIME_WAIT
TCP 229.133.145.237:1433 65.203.118.170:37744 TIME_WAIT
TCP 229.133.145.237:1433 65.203.118.170:37804 TIME_WAIT
TCP 229.133.145.237:1433 65.203.118.170:37815 TIME_WAIT
TCP 229.133.145.237:1433 65.203.118.170:37890 TIME_WAIT
TCP 229.133.145.237:1433 65.203.118.170:37901 TIME_WAIT
TCP 229.133.145.237:1433 65.203.118.170:37963 TIME_WAIT
TCP 229.133.145.237:1433 65.203.118.170:37971 TIME_WAIT
TCP 229.133.145.237:1433 65.203.118.170:38045 TIME_WAIT
TIA!

It seems that you scan them... Please post more details
Bojidar Alexandrov
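
A triage sketch for the netstat listing in the post above, added here as an example and not part of the original thread: it counts connections per remote address and separates rows where the local side owns port 1433 (inbound to the SQL Server) from rows where the remote side does (outbound from this host). The function names, the threshold and the sample rows are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample in `netstat -an` layout (documentation-range addresses,
# not values from the post): first address column is local, second is remote.
SAMPLE = """\
  TCP    192.0.2.10:1433     0.0.0.0:0              LISTENING
  TCP    192.0.2.10:1433     198.51.100.7:36950     TIME_WAIT
  TCP    192.0.2.10:1433     198.51.100.7:36975     TIME_WAIT
  TCP    192.0.2.10:1433     198.51.100.7:37028     TIME_WAIT
  TCP    192.0.2.10:1433     198.51.100.7:37058     TIME_WAIT
  TCP    192.0.2.10:1433     203.0.113.20:51200     ESTABLISHED
  TCP    192.0.2.10:49771    203.0.113.99:1433      ESTABLISHED
  TCP    192.0.2.10:3389     198.51.100.7:40000     ESTABLISHED
"""

ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+(\S+):(\d+)\s+([A-Z_0-9]+)\s*$")

def classify(netstat_text, port=1433):
    """Count connections per remote IP, split by which side owns `port`.

    inbound  = local side is `port`  (remote host connected to our SQL Server)
    outbound = remote side is `port` (this host connected to another SQL Server)
    """
    inbound, outbound = Counter(), Counter()
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # column headers, UDP rows, blank lines
        _local_ip, lport, remote_ip, rport, state = m.groups()
        if state == "LISTENING":
            continue  # the listening socket itself, not a connection
        if int(lport) == port:
            inbound[remote_ip] += 1
        elif int(rport) == port:
            outbound[remote_ip] += 1
    return inbound, outbound

def noisy_sources(netstat_text, port=1433, threshold=3):
    """Remote IPs with at least `threshold` inbound connections to `port`."""
    inbound, _ = classify(netstat_text, port)
    return sorted(ip for ip, n in inbound.items() if n >= threshold)

if __name__ == "__main__":
    inbound, outbound = classify(SAMPLE)
    print("inbound :", dict(inbound))
    print("outbound:", dict(outbound))
    print("over threshold:", noisy_sources(SAMPLE))
```

Many short-lived rows from one remote address against local port 1433 show up as a high inbound count, which gives a concrete list to hand to the router block rule or the ISP report the post mentions.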

Monday, March 12, 2012

New Linksys Router blocking access to SQL 2k

I have a new Wireless G router configured by a client for their VPN. They said to hook it up to my existing router. It works great if I try to connect to something on the VPN, Informix, SQL no problem.

I have my own SQL 2k on the same network locally. I can access the server with Mapping tools but I cannot get an ODBC connection to work either using Windows Authentication or SQL authentication. Tried my old router and it worked fine.

I figured it would not work while I was connected to the VPN, but thought I should be able to access SQL server when not on the VPN. Is this a port issue? Never had to deal with this.

Thanks

Mike D

Make sure that you can access port 1433.

Take a look at all the rules implemented in your new Linksys router and check that the ports for SQL Server (1433 or 1434) are not being blocked.

Bass and Joey,

The client-supplied router is password protected. They gave me a laptop and router and asked that I plug their router into my existing router. I use their laptop to VPN to their site. I have only one cable to link the new router to the existing old router which is located in another office.

I got the WEP key so I could access the new router from my own laptop. Anyway I have to call their IT support team to get access. I have a feeling they won't want to open port 1433-34.

We will see.

Thanks for the info.

Mike