OmidX
February 25th, 2016, 13:40
سلام ، دوستان من این پورت رو در روتر میکروتیک بستم ، ولی بازم این ابیوز رو دریافت میکنم ، حتی رو vps هم از طریق فایروال بستم ، در پاسخ ب ابیوز هم گفتم ک اینکار ها رو انجام دادم ، این طبیعیه ک یک ابیوز رو هر چند روز یکبار دریافت کنم ؟!
Dear Sir or Madam,
Microsoft SQL-Server (MS-SQL) includes a "Browser Service" usually
listening on port 1434/udp [1]. If this service is openly accessible
from the Internet, it exposes information on the network the SQL server
is running on. Furthermore, it can be abused for DDoS amplification
attacks.
The Shadowserver 'Open MS-SQL Server Resolution Service Scanning
Project' [2] identifies MS-SQL Browser Services which are openly
accessible from the Internet. Shadowserver provides CERT-Bund with
the test results for IP addresses in Germany for notification of the
owners of the affected systems.
Please find below a list of affected systems hosted on your network.
The timestamp (timezone UTC) indicates when the system was found
to be running an openly accessible MS-SQL Server Browser Service.
"Server Name" usually corresponds to the NetBIOS name of the server.
"Instance Name" is the name of the SQL instance on the server.
"Amplification" is the amplification factor attackers can achieve
when abusing the service for DDoS attacks. This value is determined
by dividing the size of the response by the size of the request
sent to the server.
We would like to ask you to check this issue and take appropriate
steps to secure the MS-SQL Browser Services on the affected systems
or notify your customers accordingly.
If you have recently solved the issue but received this notification
again, please note the timestamp included below. You should not
receive any further notifications with timestamps after the issue
has been solved.
Microsoft recommends:
"The SQL Server Browser service lets users connect to instances
of the Database Engine that are not listening on port 1433,
without knowing the port number. To use SQL Server Browser, you
must open UDP port 1434. To promote the most secure environment,
leave the SQL Server Browser service stopped, and configure
clients to connect using the port number." [3]
Dear Sir or Madam,
Microsoft SQL-Server (MS-SQL) includes a "Browser Service" usually
listening on port 1434/udp [1]. If this service is openly accessible
from the Internet, it exposes information on the network the SQL server
is running on. Furthermore, it can be abused for DDoS amplification
attacks.
The Shadowserver 'Open MS-SQL Server Resolution Service Scanning
Project' [2] identifies MS-SQL Browser Services which are openly
accessible from the Internet. Shadowserver provides CERT-Bund with
the test results for IP addresses in Germany for notification of the
owners of the affected systems.
Please find below a list of affected systems hosted on your network.
The timestamp (timezone UTC) indicates when the system was found
to be running an openly accessible MS-SQL Server Browser Service.
"Server Name" usually corresponds to the NetBIOS name of the server.
"Instance Name" is the name of the SQL instance on the server.
"Amplification" is the amplification factor attackers can achieve
when abusing the service for DDoS attacks. This value is determined
by dividing the size of the response by the size of the request
sent to the server.
We would like to ask you to check this issue and take appropriate
steps to secure the MS-SQL Browser Services on the affected systems
or notify your customers accordingly.
If you have recently solved the issue but received this notification
again, please note the timestamp included below. You should not
receive any further notifications with timestamps after the issue
has been solved.
Microsoft recommends:
"The SQL Server Browser service lets users connect to instances
of the Database Engine that are not listening on port 1433,
without knowing the port number. To use SQL Server Browser, you
must open UDP port 1434. To promote the most secure environment,
leave the SQL Server Browser service stopped, and configure
clients to connect using the port number." [3]