Re: Increased activity on UDP/1434

From: Justin Bloom (shock@shock.ddts.net)
Date: 01/25/03

  • Next message: Marc Maiffret: "SQL Sapphire Worm Analysis" 
    From: "Justin Bloom" <shock@shock.ddts.net>
To: "Dmitri Smirnov" <Dmitri.Smirnov@fusepoint.com>, <incidents@securityfocus.com>
Date: Sat, 25 Jan 2003 14:52:13 -0000

    Hi,

    There is currently a new SQL Server worm doing the rounds on the internet
    attacking SQL Server 2000 installations and I believe MSDE installs as well.
    More information is at :-

    http://vil.nai.com/vil/content/v_99992.htm

    Regards,

    Justin

    ----- Original Message -----
    From: "Dmitri Smirnov" <Dmitri.Smirnov@fusepoint.com>
    To: <incidents@securityfocus.com>
    Sent: Saturday, January 25, 2003 7:05 AM
    Subject: Increased activity on UDP/1434

    Having a big number of connections on UDP/1434 from a random IPs in
    Internet on
    a different networks. One hour ago (22:00 PST) one server in colo space
    started to initiate
    a hundreds of connection per second to diff. hosts on Internet to port
    UDP/1434 (isolated).
    New worms? DDoS? Is anyone experience the same?

    Dmitri Smirnov, SSCP
    Security Team
    Fusepoint Managed Services Inc.
    Suite 2323, Three Bentall Centre
    595 Burrard Street
    P.O. Box 49336
    Vancouver B.C. V7X 1L4
    Phone: (604) 687-7757
    Fax: (604) 687-7761
    Email: Dmitri.Smirnov@fusepoint.com

    ----------------------------------------------------------------------------
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management
    and tracking system please see: http://aris.securityfocus.com

    ----------------------------------------------------------------------------
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management
    and tracking system please see: http://aris.securityfocus.com

    Relevant Pages

    • Re: Best Pratice-Remore ADO Access
      ... > end app will be installed on clients and the SQL Server ... > use the Internet to move data back and forth. ... >> data over a WAN connection to a SQL Server. ... >> INSERT clause would be the most efficient method, ...
      (microsoft.public.vb.database.ado)
    • Re: remoting vs. direct sql connection
      ... I'd say that you should never expose your SQL Server directly to the ... Internet -- the security risks are simply far too great. ... Using either a web service or remoting will also somewhat help in relieving ... Remoting logically uses a connection per ...
      (microsoft.public.dotnet.framework.remoting)
    • Re: SQL CE Setup 101... C#
      ... the Internet Url. ... We have seen issues when we give IP address in internet ... Try using the sql server instance name. ... > // Create the Local SSCE Database subscription. ...
      (microsoft.public.sqlserver.ce)
    • Re: MDB vs ADP
      ... So whilst in many cases it can be very slow using an adp / mdb to connect to ... a sql server over the net you can make it work. ... > MDB and ADP over the Internet; not only when loading 1000 records but also ...
      (microsoft.public.access.adp.sqlserver)
    • Re: HELP! SQL Server Stops my Internet !!!!
      ... up the key first just in case) ... Jasper Smith (SQL Server MVP) ... > shares Internet Connection. ... > internet access and makes my hub crazy! ...
      (microsoft.public.sqlserver.setup)