Re: MS SQL WORM IS DESTROYING INTERNET BLOCK PORT 1434!

From: Patrick Finch (pat@montereynet.net)
Date: 01/25/03

    Date: Sat, 25 Jan 2003 02:09:23 -0800
    To: Michael Bacarella <mbac@netgraft.com>, bugtraq@securityfocus.com, incidents@securityfocus.com
    From: Patrick Finch <pat@montereynet.net>
    
    

    I'm seeing the same thing...
    Apparently it's spreading around quite nicely :(

    Looks like one of our workstations got hit at around 21:30 Pacific

    Patrick Finch

    At 02:11 AM 1/25/2003 -0500, Michael Bacarella wrote:
    >I'm getting massive packet loss to various points on the globe.
    >I am seeing a lot of these in my tcpdump output on each
    >host.
    >
    >02:06:31.017088 150.140.142.17.3047 > 24.193.37.212.ms-sql-m: udp 376
    >02:06:31.017244 24.193.37.212 > 150.140.142.17: icmp: 24.193.37.212 udp
    >port ms-sql-m unreachable [tos 0xc0
    >
    >It looks like there's a worm affecting MS SQL Server which is
    >pingflooding addresses at some random sequence.
    >
    >All admins with access to routers should block port 1434 (ms-sql-m)!
    >
    >Everyone running MS SQL Server shut it the hell down or make
    >sure it can't access the internet proper!
    >
    >I make no guarantees that this information is correct, test it
    >out for yourself!
    >
    >--
    >Michael Bacarella 24/7 phone: 646 641-8662
    >Netgraft Corporation http://netgraft.com/
    > "unique technologies to empower your business"
    >
    >Finger email address for public key. Key fingerprint:
    > C40C CB1E D2F6 7628 6308 F554 7A68 A5CF 0BD8 C055

    ----------------------------------------------------------------------------
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management
    and tracking system please see: http://aris.securityfocus.com
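Added example, not part of either poster's message: a small Python filter that reads tcpdump text output in the format quoted above and lists source hosts sending UDP to port 1434 (ms-sql-m) on many distinct destinations, which is how an infected internal machine stands out. The function names, the `min_targets` threshold and the sample capture are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Legacy tcpdump text format, as in the quoted capture:
#   "time src.port > dst.port: udp len"
UDP_LINE = re.compile(
    r"^\d\d:\d\d:\d\d\.\d+ "
    r"(?P<src>\d+\.\d+\.\d+\.\d+)\.[\w-]+ > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>[\w-]+): udp (?P<len>\d+)"
)
# tcpdump prints the number with -n and the service name without it.
SQL_MONITOR_PORTS = {"1434", "ms-sql-m"}


def fanout_to_1434(lines):
    """Map each source IP to the set of distinct hosts it sent UDP/1434 to."""
    targets = defaultdict(set)
    for line in lines:
        m = UDP_LINE.match(line.strip())
        # ICMP unreachable replies and wrapped lines do not match and are skipped.
        if m and m["dport"] in SQL_MONITOR_PORTS:
            targets[m["src"]].add(m["dst"])
    return targets


def suspect_hosts(lines, min_targets=3):
    """Sources that reached at least min_targets distinct hosts on UDP/1434.

    The threshold is an assumption; tune it to the length of the capture.
    """
    fan = fanout_to_1434(lines)
    return sorted(src for src, dsts in fan.items() if len(dsts) >= min_targets)


# Constructed sample capture using documentation address ranges,
# not traffic taken from the post.
SAMPLE = """\
02:06:31.017088 192.0.2.17.3047 > 198.51.100.212.ms-sql-m: udp 376
02:06:31.017244 198.51.100.212 > 192.0.2.17: icmp: 198.51.100.212 udp port ms-sql-m unreachable [tos 0xc0]
02:06:31.018101 192.0.2.17.3047 > 203.0.113.9.ms-sql-m: udp 376
02:06:31.018340 192.0.2.17.3047 > 203.0.113.77.1434: udp 376
02:06:31.019002 192.0.2.40.1055 > 192.0.2.5.ms-sql-m: udp 1
02:06:31.019500 192.0.2.40.1056 > 192.0.2.5.ms-sql-m: udp 1
02:06:31.020007 192.0.2.17.3047 > 198.51.100.3.domain: udp 376
""".splitlines()

if __name__ == "__main__":
    fan = fanout_to_1434(SAMPLE)
    for host in suspect_hosts(SAMPLE):
        print(host, "->", len(fan[host]), "distinct UDP/1434 targets")
```

The same functions accept the lines of a saved capture, for example the output of `tcpdump -n udp port 1434` written to a file.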


