Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Control » ET WEB_SERVER Possible Attempt to Get SQL Server Version in URI using SELECT VERSION (Security Log Kerio Control 8.5.1 build 3235)
  •  
AMET4

Messages: 16
Karma: 2
Send a private message to this user
Hi,

Kerio Control: 8.5.1 build 3235


I see a lot of following Alerts in the Security Log of Kerio control, where they come from and what do they mean?


[27/Apr/2015 15:29:05] IPS: Alert, severity: Medium, Rule ID: 1:2011037 ET WEB_SERVER Possible Attempt to Get SQL Server Version in URI using SELECT VERSION, proto:TCP, ip/port:10.168.9.155:57586 (user:[UserNamexxx]) -> 91.xxx.xxx.xxx:3128 (server.domain.local)
[27/Apr/2015 15:29:52] IPS: Alert, severity: Medium, Rule ID: 1:2011037 ET WEB_SERVER Possible Attempt to Get SQL Server Version in URI using SELECT VERSION, proto:TCP, ip/port:10.168.9.155:57641 (user:[UserNamexxx]) -> 91.xxx.xxx.xxx:3128 (server.domain.local)
[27/Apr/2015 15:29:58] Last message repeated 3 times
[27/Apr/2015 15:31:44] IPS: Alert, severity: Medium, Rule ID: 1:2011037 ET WEB_SERVER Possible Attempt to Get SQL Server Version in URI using SELECT VERSION, proto:TCP, ip/port:10.168.9.130:60790 (user:[UserNamexxx]) -> 91.xxx.xxx.xxx:3128 (server.domain.local)
[27/Apr/2015 15:32:25] IPS: Alert, severity: Medium, Rule ID: 1:2011037 ET WEB_SERVER Possible Attempt to Get SQL Server Version in URI using SELECT VERSION, proto:TCP, ip/port:10.168.9.155:57774 (user:[UserNamexxx]) -> 91.xxx.xxx.xxx:3128 (server.domain.local)
[27/Apr/2015 15:32:25] IPS: Alert, severity: Medium, Rule ID: 1:2011037 ET WEB_SERVER Possible Attempt to Get SQL Server Version in URI using SELECT VERSION, proto:TCP, ip/port:10.168.9.155:57765 (user:[UserNamexxx]) -> 91.xxx.xxx.xxx:3128 (server.domain.local)
[27/Apr/2015 15:32:47] IPS: Alert, severity: Medium, Rule ID: 1:2011037 ET WEB_SERVER Possible Attempt to Get SQL Server Version in URI using SELECT VERSION, proto:TCP, ip/port:10.168.9.130:60907 (user:[UserNamexxx]) -> 91.xxx.xxx.xxx:3128 (server.domain.local)
[27/Apr/2015 15:32:50] IPS: Alert, severity: Medium, Rule ID: 1:2011037 ET WEB_SERVER Possible Attempt to Get SQL Server Version in URI using SELECT VERSION, proto:TCP, ip/port:10.168.9.130:60939 (user:[UserNamexxx]) -> 91.xxx.xxx.xxx:3128 (server.domain.local)


Regards,
AMET4
  •  
ksnyder

Messages: 557
Karma: 36
Send a private message to this user
  •  
AMET4

Messages: 16
Karma: 2
Send a private message to this user
Hi ksnyder,

can we see the the Source, which is trying to do the SQL Injection attack? Is this from inside the organization or outside? May a Virus?

Thanks

Regards,
AMET4
Previous Topic: [BUG] - Interfaces statistics reset to Zero when Time Zone changed.
Next Topic: Update to 8.5.2 NIC Issue on shuttle DS437
Goto Forum:
  


Disclaimer:
Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Wed Oct 18 22:31:50 CEST 2017

Total time taken to generate the page: 0.00361 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.