Posted by Tony (195.224.101.3) on December 16, 2002 at 03:14:34:
In Reply to: But THEN............. posted by oooer should I say? on December 13, 2002 at 11:56:25:
Port 1433 is the default port for SQL Server. Sounds like someone was scanning your subnet for backdoors into any SQL Servers it found on that subnet.
Nothing to worry about unless you have SQL running, If so just make sure you have the latest patches from Micr$oft.
Tony
: I was checkin that code when my firewall flagged up a TCP ICMP block, on port 2763(registered to 'Desktop-DNA')mmmmm, the only other info i cud find on this crafted ICMP packet was from a guy who traced it to...I copied and pasted this(it wuz PGP'd) : to read that the origin of the packet causing the ICMP source quench : 33.33.33.33 port 1433, : and the alleged destination was: : 192.168.0.181 port 2763. : Odd.. tcp:1433 is common these days, but of all the packets I've got : and this is who i found owns the IP block... : DOD Network Information Center (NET-DCMC-1) : Netname: DCMC-1 : Coordinator: : Domain System inverse mapping provided by: : Lordy..............
:
: Source: 33.33.33.33 (33.33.33.33)
: Destination: 192.168.0.181 (192.168.0.181)
: Transmission Control Protocol, Src Port: 1433 (1433), Dst Port: 2763 (2763)
: Source port: 1433 (1433)
: Destination port: 2763 (2763)
:
: was:
: logged over the last months, not a single one has an *origin* of tcp:1433.
: 7990 Science Applications Court
: Vienna, VA 22183-7000
: US
: Netblock: 33.0.0.0 - 33.255.255.255
: DOD Network Information Center (ZD41-ARIN) HOSTMASTER||NIC.MIL
: 800-365-3642
: AAA-VIENNA.NIPR.MIL207.132.116.60
: AAA-KELLY.NIPR.MIL199.252.162.251
: AAA-VAIHINGEN.NIPR.MIL199.252.154.251
: AAA-WHEELER.NIPR.MIL199.252.180.251
: but then its probably just corrupted code from hiccupping sofware
: , anyhow windows has at least two backdoors in the OS(strangely one is called NSA key)so anyone with the power wudn't need to try hackneyed IP spoofing stuff.....
: Probability is that your latest 'tumbling lead parachutes' wheel design is safe.................