I believe I just saw something about this in the SANS NewsBites. Here you go:

http://www.incidents.org/diary/diary.php?id=152

An excerpt:

Large scale MSSQL scans.
========================

For the last few days, we received a number of reports of widespread scans of port 1433. The most common use of port 1433 is Microsoft's SQL Server. Just this March, a vulnerability in SQL Server 7.0 and 2000 was shown to allow access to the security context of the server (http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0154). Microsoft released an advisory and a patch for this problem (http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS02-020.asp). It has also been known that many administrators do not change the default password for the administrator account. SQL Server by default ships with no password set for this account (http://www.bhs.silesianet.pl/html/sql.htm).