BugTraq
MS SQL WORM IS DESTROYING INTERNET BLOCK PORT 1434! Jan 25 2003 07:11AM
Michael Bacarella (mbac netgraft com) (4 replies)
I'm getting massive packet loss to various points on the globe.
I am seeing a lot of these in my tcpdump output on each
host.

02:06:31.017088 150.140.142.17.3047 > 24.193.37.212.ms-sql-m: udp 376
02:06:31.017244 24.193.37.212 > 150.140.142.17: icmp: 24.193.37.212 udp port ms-sql-m unreachable [tos 0xc0

It looks like there's a worm affecting MS SQL Server which is
pingflooding addresses at some random sequence.

All admins with access to routers should block port 1434 (ms-sql-m)!

Everyone running MS SQL Server shut it the hell down or make
sure it can't access the internet proper!

I make no guarantees that this information is correct, test it
out for yourself!

--
Michael Bacarella 24/7 phone: 646 641-8662
Netgraft Corporation http://netgraft.com/
"unique technologies to empower your business"

Finger email address for public key. Key fingerprint:
C40C CB1E D2F6 7628 6308 F554 7A68 A5CF 0BD8 C055

[ reply ]
Re: MS SQL WORM IS DESTROYING INTERNET BLOCK PORT 1434! Jan 25 2003 12:07PM
cstone (cstone pobox com)
Re: MS SQL WORM IS DESTROYING INTERNET BLOCK PORT 1434! Jan 25 2003 10:04AM
Tom Kyle (tom eos umsl edu)
Re: MS SQL WORM IS DESTROYING INTERNET BLOCK PORT 1434! Jan 25 2003 10:01AM
Ed Blanchfield (Ed E-Things Org)
Re: MS SQL WORM IS DESTROYING INTERNET BLOCK PORT 1434! Jan 25 2003 09:17AM
Geoff Shively (gshively pivx com)


 

Privacy Statement
Copyright 2010, SecurityFocus