The Shadowserver Foundation MS-SQL Server Resolution Service Scanning Project
OVERVIEW
MSSQLSCAN.SHADOWSERVER.ORG TRAFFIC
Date Range
Date Range
Date Range
LINKS TO WEBSITE
WHAT DOES MSSQLSCAN.SHADOWSERVER.ORG LOOK LIKE?
MSSQLSCAN.SHADOWSERVER.ORG SERVER
SERVER SOFTWARE
We identified that this website is implementing the Apache/2.4.18 (Ubuntu) server.SITE TITLE
The Shadowserver Foundation MS-SQL Server Resolution Service Scanning ProjectDESCRIPTION
Open MS-SQL Server Resolution Service Scanning Project. If you are looking at this page, then more than likely, you noticed a scan coming from this server across your network andor poking at the MS-SQL Server Resolution service. Servers that are configured this way have been incorporated into our reports. And are being reported on a daily basis. Information on UDP-based amplification attacks in general can be found in US-CERT alert TA14-017A at https www.us-cert.govncasalertsTA14-017A. We are quer.PARSED CONTENT
The website mssqlscan.shadowserver.org states the following, "Open MS-SQL Server Resolution Service Scanning Project." I analyzed that the website said " If you are looking at this page, then more than likely, you noticed a scan coming from this server across your network andor poking at the MS-SQL Server Resolution service." They also stated " Servers that are configured this way have been incorporated into our reports. And are being reported on a daily basis. Information on UDP-based amplification attacks in general can be found in US-CERT alert TA14-017A at https www."ANALYZE OTHER WEBSITES
Information on these vulnerable devices has been incorporated into our reports. And are being reported on a daily basis. For hints on decoding the response.
The Shadowserver Foundation is currently undertaking a project to search for publicly accessible devices that have NetBIOS running and answering Name Resolution queries. The goal of this project is to identify openly accessible NetBIOS services and report them back to the network owners for remediation.
As was recently reported by Trend Micro. Information on these vulnerable devices has been incorporated into our reports. And are being reported on a daily basis. We are querying all computers with routable IPv4 .
The Shadowserver Foundation is currently undertaking a project to search for publicly accessible devices that have NTP running and answering Mode 7 queries for MON GET LIST. The goal of this project is to identify openly accessible NTP services and report them back to the network owners for remediation. If you would like t.
Open Quote of the Day Service Scanning Project. These devices have the potential to be used in UDP amplification attacks and if at all possible, we would like to see these services made un-available to miscreants that would misuse these resources. Servers that are configured this way have been incorporated into our reports.