GFI Software

Welcome to the GFI Software community forum! For support please open a ticket from https://support.gfi.com.

Home » GFI User Forums » Kerio Control » ET WEB_SERVER Possible Attempt to Get SQL Server Version in URI using SELECT VERSION (Security Log Kerio Control 8.5.1 build 3235)
dialog-warning.png  ET WEB_SERVER Possible Attempt to Get SQL Server Version in URI using SELECT VERSION [message #120961] Mon, 27 April 2015 16:21 Go to next message
AMET4 is currently offline  AMET4
Messages: 16
Registered: February 2014
Hi,

Kerio Control: 8.5.1 build 3235


I see a lot of following Alerts in the Security Log of Kerio control, where they come from and what do they mean?


[27/Apr/2015 15:29:05] IPS: Alert, severity: Medium, Rule ID: 1:2011037 ET WEB_SERVER Possible Attempt to Get SQL Server Version in URI using SELECT VERSION, proto:TCP, ip/port:10.168.9.155:57586 (user:[UserNamexxx]) -> 91.xxx.xxx.xxx:3128 (server.domain.local)
[27/Apr/2015 15:29:52] IPS: Alert, severity: Medium, Rule ID: 1:2011037 ET WEB_SERVER Possible Attempt to Get SQL Server Version in URI using SELECT VERSION, proto:TCP, ip/port:10.168.9.155:57641 (user:[UserNamexxx]) -> 91.xxx.xxx.xxx:3128 (server.domain.local)
[27/Apr/2015 15:29:58] Last message repeated 3 times
[27/Apr/2015 15:31:44] IPS: Alert, severity: Medium, Rule ID: 1:2011037 ET WEB_SERVER Possible Attempt to Get SQL Server Version in URI using SELECT VERSION, proto:TCP, ip/port:10.168.9.130:60790 (user:[UserNamexxx]) -> 91.xxx.xxx.xxx:3128 (server.domain.local)
[27/Apr/2015 15:32:25] IPS: Alert, severity: Medium, Rule ID: 1:2011037 ET WEB_SERVER Possible Attempt to Get SQL Server Version in URI using SELECT VERSION, proto:TCP, ip/port:10.168.9.155:57774 (user:[UserNamexxx]) -> 91.xxx.xxx.xxx:3128 (server.domain.local)
[27/Apr/2015 15:32:25] IPS: Alert, severity: Medium, Rule ID: 1:2011037 ET WEB_SERVER Possible Attempt to Get SQL Server Version in URI using SELECT VERSION, proto:TCP, ip/port:10.168.9.155:57765 (user:[UserNamexxx]) -> 91.xxx.xxx.xxx:3128 (server.domain.local)
[27/Apr/2015 15:32:47] IPS: Alert, severity: Medium, Rule ID: 1:2011037 ET WEB_SERVER Possible Attempt to Get SQL Server Version in URI using SELECT VERSION, proto:TCP, ip/port:10.168.9.130:60907 (user:[UserNamexxx]) -> 91.xxx.xxx.xxx:3128 (server.domain.local)
[27/Apr/2015 15:32:50] IPS: Alert, severity: Medium, Rule ID: 1:2011037 ET WEB_SERVER Possible Attempt to Get SQL Server Version in URI using SELECT VERSION, proto:TCP, ip/port:10.168.9.130:60939 (user:[UserNamexxx]) -> 91.xxx.xxx.xxx:3128 (server.domain.local)


Regards,
AMET4

Report message to a moderator

Re: ET WEB_SERVER Possible Attempt to Get SQL Server Version in URI using SELECT VERSION [message #120964 is a reply to message #120961] Mon, 27 April 2015 18:46 Go to previous messageGo to next message
ksnyder
Messages: 557
Registered: August 2014
Location: USA
Appears to be a possible SQL Injection attack. http://en.wikipedia.org/wiki/SQL_injection#Conditional_respo nses

Ken Snyder

Report message to a moderator

Re: ET WEB_SERVER Possible Attempt to Get SQL Server Version in URI using SELECT VERSION [message #120995 is a reply to message #120964] Tue, 28 April 2015 17:16 Go to previous message
AMET4 is currently offline  AMET4
Messages: 16
Registered: February 2014
Hi ksnyder,

can we see the the Source, which is trying to do the SQL Injection attack? Is this from inside the organization or outside? May a Virus?

Thanks

Regards,
AMET4

Report message to a moderator

Previous Topic: [BUG] - Interfaces statistics reset to Zero when Time Zone changed.
Next Topic: Update to 8.5.2 NIC Issue on shuttle DS437
Goto Forum:
  

[ Syndicate this forum (XML) ] [ RSS ] [ PDF ]

Current Time: Sat Apr 01 08:51:30 CEST 2023

Total time taken to generate the page: 0.03669 seconds
.:: Contact :: Home :: Acceptable Use Policy ::.

Powered by: FUDforum 3.0.9.
Copyright ©2001-2022 FUDforum Bulletin Board Software