Re: MS SQL WORM IS DESTROYING INTERNET BLOCK PORT 1434!
From: cstone (cstone@pobox.com)
Date: 01/25/03
- Previous message: Byron Morton: "Re: MS SQL WORM IS DESTROYING INTERNET BLOCK PORT 1434!"
- In reply to: Michael Bacarella: "MS SQL WORM IS DESTROYING INTERNET BLOCK PORT 1434!"
- Next in thread: John Howie: "RE: MS SQL WORM IS DESTROYING INTERNET BLOCK PORT 1434!"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Sat, 25 Jan 2003 06:07:42 -0600 From: cstone <cstone@pobox.com> To: Michael Bacarella <mbac@netgraft.com>
On Sat, Jan 25, 2003 at 02:11:41AM -0500, Michael Bacarella wrote:
> I'm getting massive packet loss to various points on the globe.
> I am seeing a lot of these in my tcpdump output on each
> host.
>
> It looks like there's a worm affecting MS SQL Server which is
> pingflooding addresses at some random sequence.
yeah. i guess it's an old vulnerability, but i don't keep up on
this stuff.
however, i have disassembled the code inside; all it does is send
itself to pseudorandomly generated hosts.
there is an annotated disassembly at
http://www.boredom.org/~cstone/worm-annotated.txt
- Next message: Marc Maiffret: "SQL Sapphire Worm Analysis"
- Previous message: Byron Morton: "Re: MS SQL WORM IS DESTROYING INTERNET BLOCK PORT 1434!"
- In reply to: Michael Bacarella: "MS SQL WORM IS DESTROYING INTERNET BLOCK PORT 1434!"
- Next in thread: John Howie: "RE: MS SQL WORM IS DESTROYING INTERNET BLOCK PORT 1434!"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
