Re: Increased activity on UDP/1434

From: Sam Evans (sam@neuroflux.com)
Date: 01/25/03

Next message: Mark J. Lastdrager: "graphical stats of new SQL worm"

Previous message: Drew, Dale: "RE: strange attacks - flood udp packets from 1030 to msql"
In reply to: Dmitri Smirnov: "Increased activity on UDP/1434"
Next in thread: slswick@aep.com: "Re: Increased activity on UDP/1434"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

From: "Sam Evans" <sam@neuroflux.com>
To: "Dmitri Smirnov" <Dmitri.Smirnov@fusepoint.com>, <incidents@securityfocus.com>
Date: Sat, 25 Jan 2003 07:32:36 -0700

It's a new MS-SQL Worm that, from what I have been reading, is taking
advantage of the following vulnerability:

http://www.nextgenss.com/advisories/mssql-udp.txt

We have seen an enormous amount of this traffic as of 1:09 AM (GMT -7)

-Sam

----- Original Message -----
From: "Dmitri Smirnov" <Dmitri.Smirnov@fusepoint.com>
To: <incidents@securityfocus.com>
Sent: Saturday, January 25, 2003 12:05 AM
Subject: Increased activity on UDP/1434

Having a big number of connections on UDP/1434 from a random IPs in
Internet on
a different networks. One hour ago (22:00 PST) one server in colo space
started to initiate
a hundreds of connection per second to diff. hosts on Internet to port
UDP/1434 (isolated).
New worms? DDoS? Is anyone experience the same?

Dmitri Smirnov, SSCP
Security Team
Fusepoint Managed Services Inc.
Suite 2323, Three Bentall Centre
595 Burrard Street
P.O. Box 49336
Vancouver B.C. V7X 1L4
Phone: (604) 687-7757
Fax: (604) 687-7761
Email: Dmitri.Smirnov@fusepoint.com

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com

Next message: Mark J. Lastdrager: "graphical stats of new SQL worm"
Previous message: Drew, Dale: "RE: strange attacks - flood udp packets from 1030 to msql"
In reply to: Dmitri Smirnov: "Increased activity on UDP/1434"
Next in thread: slswick@aep.com: "Re: Increased activity on UDP/1434"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

RE: 030.com
... Doing a keyword search from the address bar in Internet ... Fixing the host file worked fine until this afternoon, ... For more information on this free incident handling, management ... and tracking system please see: http://aris.securityfocus.com ...
(Incidents)
Re: MS-SQL Worm?
... Subject: MS-SQL Worm? ... This is an exploit for a default MS SQL installation. ... > For more information on this free incident handling, management ... > and tracking system please see: http://aris.securityfocus.com ...
(Incidents)
Re: MS-SQL Worm?
... Subject: MS-SQL Worm? ... > For more information on this free incident handling, management ... > and tracking system please see: http://aris.securityfocus.com ...
(Incidents)
ebooks share lits 372
... Corrosion of Ceramic and Composite Materials Corrosion Technology (New ... Secure Internet Practices: Best Practices for Securing Systems in the ... Knowledge Management and Organizations: Process, ... Early Studies Clinical Governance (Online); ...
(sci.med.nutrition)
And all hes got to do is moderate the usenet.
... Internet Project - Web Design Project - Network Project - Security ... 2007 French National Plastic Arts Centre - www.cnap.fr ... management and general content buffer/validation system. ...
(soc.culture.thai)