RE: strange attacks - flood udp packets from 1030 to msql

From: Drew, Dale (Dale.Drew@Level3.com)
Date: 01/25/03

  • Next message: Sam Evans: "Re: Increased activity on UDP/1434"
    Date: Sat, 25 Jan 2003 08:15:43 -0700
    From: "Drew, Dale" <Dale.Drew@Level3.com>
    To: "Uwe Dippel" <udippel@yahoo.com>, <incidents@securityfocus.com>
    
    

    Some of us have been dealing with this since 10:30pm yesterday... :)

    Alerts:
    http://www.ngssoftware.com/vna/ms-sql.txt
    http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21824

    Code:
    http://www.digitaloffense.net/worms/mssql_udp_worm/
    http://packetstormsecurity.org/0211-exploits/sql2.cpp

    Dale

    ======================================
    "SUCCESS THROUGH TEAMWORK"
    Dale Drew
    Director, Global Security/AAA Engineering & Architecture
    Level(3) Communications, LLC
    720-888-2963 | dale.drew@level3.com

     

    -----Original Message-----
    From: Uwe Dippel [mailto:udippel@yahoo.com]
    Sent: Saturday, January 25, 2003 4:52 AM
    To: incidents@securityfocus.com
    Subject: strange attacks - flood udp packets from 1030 to msql

    The subject says it.
    Strange behaviour and no clue here why.
    A server floods random (??) IP-addresses with udp-packets from iad1 to
    1434 (msql), overflowing the external router,yadayadayada. DoS, in
    short.
    Anyone seen this before ??

    Uwe

    __________________________________________________
    Do you Yahoo!?
    Yahoo! Mail Plus - Powerful. Affordable. Sign up now.
    http://mailplus.yahoo.com

    ------------------------------------------------------------------------

    ----
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management 
    and tracking system please see: http://aris.securityfocus.com
    ----------------------------------------------------------------------------
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management 
    and tracking system please see: http://aris.securityfocus.com