I forgot to mention that those port scans for ms-sql-s first started heavily occurring last Wednesday. I guess (they) were busy trying to find SQL Servers out there before the weekend's attack.
Also, in the past several months we've had heavy port scans from Asia originations, as specified above with all the C Classes.
Keep an eye on the LACNIC (Latin America Networks) as there seems to be a slight ramp up of junk from there, such as 200.x.x.x.
Also the European Union like Romania 209.239.64.0.
Lots of work to do from the firewall perspective.
I'm surprised that more firewall security folks didn't pick up on this. We noticed a lot of junk from Asia C Class networks, 61.x.x.x, 210,211,212,218,202,80,195,200,213,62,219,193, etc. and promptly rejected all those C classes 61.0.0.0, etc. at the firewall. This included a lot of port scans for the service ms-sql-s.
Even though we don't have the MS SQL patch, we weren't affected due to the firewall blocking.
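
The kind of observation made in the comments above (ms-sql-s probes grouped by source network, and the day they ramped up) can be pulled from dropped-packet logs. This is an added example, not part of the original comments; the log format, sample lines, and function names are constructed for illustration.

```python
import re
from collections import Counter, defaultdict

MS_SQL_S = 1433  # IANA-registered port for the ms-sql-s service

# Constructed sample lines in a made-up format: date action proto src:sport dst:dport
SAMPLE_LOG = """\
2000-01-03 DROP tcp 61.10.4.7:4021 192.0.2.10:1433
2000-01-04 DROP tcp 200.3.9.1:1188 192.0.2.10:80
2000-01-05 DROP tcp 61.10.4.7:4022 192.0.2.10:1433
2000-01-05 DROP tcp 61.88.1.2:3310 192.0.2.11:1433
2000-01-05 DROP tcp 210.5.6.7:2900 192.0.2.10:1433
2000-01-05 DROP tcp 211.9.9.9:1045 192.0.2.12:1433
2000-01-06 DROP tcp 61.10.4.7:4050 192.0.2.10:1433
2000-01-06 DROP tcp 218.1.2.3:1999 192.0.2.10:1433
2000-01-06 DROP tcp 218.1.2.4:2000 192.0.2.11:1433
malformed line that the parser should skip
"""

# Captures: date, action, protocol, first octet of source, destination port
LINE = re.compile(r"^(\S+) (\w+) (tcp|udp) (\d+)\.\d+\.\d+\.\d+:\d+ \S+:(\d+)$")

def probes_by_day(log, port=MS_SQL_S):
    """Return {day: Counter({source_first_octet: hits})} for packets sent to `port`."""
    days = defaultdict(Counter)
    for line in log.splitlines():
        m = LINE.match(line.strip())
        if m and int(m.group(5)) == port:
            days[m.group(1)][int(m.group(4))] += 1
    return dict(days)

def ramp_up_days(days, factor=3):
    """Days whose probe total is at least `factor` times the mean of earlier days.

    Days with no matching probes are absent from `days`, so they do not
    lower the baseline; that makes the check conservative.
    """
    flagged, seen = [], []
    for day in sorted(days):
        total = sum(days[day].values())
        if seen and total >= factor * (sum(seen) / len(seen)):
            flagged.append(day)
        seen.append(total)
    return flagged

if __name__ == "__main__":
    per_day = probes_by_day(SAMPLE_LOG)
    for day in sorted(per_day):
        print(day, dict(per_day[day]))
    print("ramp-up:", ramp_up_days(per_day))
```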