Symantec issued an alert that it had detected unusual amounts of scanning of a port normally associated with Microsoft SQL Server, a possible precursor to an attack.