RE: strange attacks - flood udp packets from 1030 to msql
From: Drew, Dale (Dale.Drew@Level3.com)
Date: 01/25/03
- Previous message: Carl Inglis: "Microsoft SQL Server 2000 worm - port 1434"
- Maybe in reply to: Uwe Dippel: "strange attacks - flood udp packets from 1030 to msql"
- Next in thread: Víctor: "Re: strange attacks - flood udp packets from 1030 to msql"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Sat, 25 Jan 2003 08:15:43 -0700 From: "Drew, Dale" <Dale.Drew@Level3.com> To: "Uwe Dippel" <udippel@yahoo.com>, <incidents@securityfocus.com>
Some of us have been dealing with this since 10:30pm yesterday... :)
Alerts:
http://www.ngssoftware.com/vna/ms-sql.txt
http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21824
Code:
http://www.digitaloffense.net/worms/mssql_udp_worm/
http://packetstormsecurity.org/0211-exploits/sql2.cpp
Dale
======================================
"SUCCESS THROUGH TEAMWORK"
Dale Drew
Director, Global Security/AAA Engineering & Architecture
Level(3) Communications, LLC
720-888-2963 | dale.drew@level3.com
-----Original Message-----
From: Uwe Dippel [mailto:udippel@yahoo.com]
Sent: Saturday, January 25, 2003 4:52 AM
To: incidents@securityfocus.com
Subject: strange attacks - flood udp packets from 1030 to msql
The subject says it.
Strange behaviour and no clue here why.
A server floods random (??) IP-addresses with udp-packets from iad1 to
1434 (msql), overflowing the external router,yadayadayada. DoS, in
short.
Anyone seen this before ??
Uwe
__________________________________________________
Do you Yahoo!?
Yahoo! Mail Plus - Powerful. Affordable. Sign up now.
http://mailplus.yahoo.com
------------------------------------------------------------------------
---- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
- Next message: Sam Evans: "Re: Increased activity on UDP/1434"
- Previous message: Carl Inglis: "Microsoft SQL Server 2000 worm - port 1434"
- Maybe in reply to: Uwe Dippel: "strange attacks - flood udp packets from 1030 to msql"
- Next in thread: Víctor: "Re: strange attacks - flood udp packets from 1030 to msql"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
