Even though I'm not the only one reporting attacks on MSSQL, I've had no shiny attacks addressing the brand new mssql code for dionaea yet, I think due to protocol bugs. But I've had some nfq-gathered bistreams which could be replayed to the mssql service.
The bistream replayed was collected on 2010-08-09 and was contributed by 126.96.36.199 to my port 1433/tcp. I chose this bistream for its size, which is 245625 bytes, and it is the largest bistream I captured for mssql.
After resolving some issues, I was able to dump the commands sent to the database into a text file.
Within the umbrella of The Honeynet Project I've had two students working on dionaea as a GSoC2010 project this year.
The projects were:
For today, let's focus on the SMB stack improvements.
As an early adopter I currently enjoy the nfq module for dionaea.