Re: DoS Attack on UDP port 1434

From: Tilman Schmidt (Tilman.Schmidt@ePost.de)
Date: 01/25/03

• Next message: F Wall: "Re: New SQL Server worm - UDP Port 1434"
• Previous message: Jeffrey A. Setaro: "Re: DoS Attack on UDP port 1434"
• In reply to: Morning Star: "DoS Attack on UDP port 1434"
• Next in thread: \: "Re: DoS Attack on UDP port 1434"
• Reply: \: "Re: DoS Attack on UDP port 1434"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

From: Tilman Schmidt <Tilman.Schmidt@ePost.de>
Date: Sat, 25 Jan 2003 15:38:13 +0100

Morning Star <dma0021@softhome.net> wrote:
>when I tried to get on the Internet, I found that the Internet was
>very very slow and some web site was not able to show up. I checked
>the log of my router, and found a serious of access to UDP port 1434
>on my router. The attack came from more than 100 different IP
>addressed in about one hour.

That's not an attack, it's the newest Microsoft worm trying to spread.

> I had no idea why I was chosen but I was
>very angry.

You haven't been chosen. Everyone is hit by that.

> Is there anything I can do to avoid being attacked?

You aren't being attacked, not in any real sense of the word.

If you replace "attacked" by "affected": No, you can't do anything
against that. It's one of the hazards of sharing a network (in this
case, the Internet) with unsafe machines (in this case, those running
Microsoft SQL Server).

The only thing that could perhaps prevent that kind of incident would
be if someone who connected an insufficiently secured machine to the
Internet could in some way be held liable for the damage caused
through that machine. That might create the incentive, obviously
missing today, for properly securing machines before putting them
online. But that's nothing you or I can bring about.

-- 
Tilman Schmidt                       E-Mail: Tilman.Schmidt@ePost.de
Bonn, Germany
- In theory, there is no difference between theory and practice.
  In practice, there is.

• Next message: F Wall: "Re: New SQL Server worm - UDP Port 1434"
• Previous message: Jeffrey A. Setaro: "Re: DoS Attack on UDP port 1434"
• In reply to: Morning Star: "DoS Attack on UDP port 1434"
• Next in thread: \: "Re: DoS Attack on UDP port 1434"
• Reply: \: "Re: DoS Attack on UDP port 1434"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Re: Biometrics ... computer to the Internet, it will get attacked. ... They're interesting for learning about attacker behavior and motivations, but they aren't security devices. ... Use Windows 98 Second Edition Machines as a safety internal protocol as ... MVP suggests how the internal safety of 9x is awesome and makes ... (microsoft.public.security) Re: Port Scanning. ... Its always good practice to run scans from different locations on the ... Internet, using machines that are not ... Faisal Khan wrote: ... (Pen-Test) Re: ISA 2006 and Listeners Part 2! ... All machines use only the internal AD/DNS ... No machine should ever use any other DNS ... The AD/DNS machine will use the ISP's DNS in the ... Microsoft Internet Security & Acceleration Server: ... (microsoft.public.isa.configuration) Re: Event id 529 ... The machines are not accessible from the Internet. ... I don't have access to my Network ... Logon Failure: ... (microsoft.public.windowsxp.security_admin) Re: DNS not resolving correctly on VPN ... When they log in via VPN, we pass the same DNS server. ... I will work with one of this machines today and post back. ... > the users use the OWA from the Internet side? ... (microsoft.public.win2000.dns)

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint