'Re: Serveral host broadcasting to port 1434'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       security-basics
Subject:    Re: Serveral host broadcasting to port 1434
From:       Adriel Desautels <adriel () netragard ! com>
Date:       2008-05-23 19:46:01
Message-ID: 48371EF9.7010203 () netragard ! com
[Download RAW message or body]


Sounds a bit fishy. I'd evaluate the systems that are sending the 
traffic. Identify the process responsible and make sure that it is not 
malware. This does sound very malwareish.

Regards,
	Adriel T. Desautels
	Chief Technology Officer
	Netragard, LLC.
	Office : 617-934-0269
	Mobile : 617-633-3821
	http://www.linkedin.com/pub/1/118/a45

	Join the Netragard, LLC. Linked In Group:
	http://www.linkedin.com/e/gis/48683/0B98E1705142

---------------------------------------------------------------
Netragard, LLC - http://www.netragard.com  -  "We make IT Safe"
Penetration Testing, Vulnerability Assessments, Website Security

Netragard Whitepaper Downloads:
-------------------------------
Choosing the right provider : http://tinyurl.com/2ahk3j
Three Things you must know  : http://tinyurl.com/26pjsn


the_loser55@hotmail.com wrote:
> Hello,
> 
> I've just started playing with snort rules and created a new rule for the internal \
> network that would grab any traffic on port 1434 "Microsoft-SQL-Monitor". The rule \
> is now running and I see several desktop PC's sending out traffic to destination \
> 255.255.255.255 port 1434. So my question is are these desktops compromised. I've \
> seen references to a MS-SQL worm with activity like this. Any thoughts would be \
> much appreciated. 
> Thanks



[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic