
Wreaking Havoc

Posted: Sat Jan 25, 2003 10:03 am
by Kriek
American Intelligence reports massive DDoS (Distributed Denial of Service) attacks all over the internet. This has effectively disabled eight of the thirteen root nameservers. Although the internet theoretically can operate with only a single root server, its performance would slow down drastically if more than four root servers failed for any appreciable length of time. netpulse is reporting UUNet and Internap are being hit very hard. This is the cause of major connectivity problems being experienced worldwide. Since about midnight EST almost every host on the internet has been receiving a 376-byte UDP payload on port ms-sql-m (1434) from a random infected server. It is believed this worm leverages a vulnerability published in June 2002. Several core routers have taken to blocking port 1434 outright. If you run Microsoft SQL Server, make sure the public internet can't access it. If you manage a gateway, consider dropping UDP packets sent to port 1434. Linux or Unix servers are completely safe, because they do not use port 1434 for anything.
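
Added example, not part of the original post: one way a gateway operator could check logs for the traffic described above (UDP to port 1434 carrying a 376-byte payload) and list the sources sending it to several hosts. It assumes iptables LOG-style lines; the sample lines, addresses, threshold and function names are constructed for illustration.

```python
import re
from collections import defaultdict

UDP_HEADER = 8      # bytes in a UDP header
WORM_PAYLOAD = 376  # payload size reported in the post
WORM_PORT = 1434    # ms-sql-m

# Assumed input: iptables LOG-style lines, where the LEN that follows DPT
# is the UDP length (header plus payload).
LINE_RE = re.compile(
    r"SRC=(?P<src>\S+) DST=(?P<dst>\S+) .*?PROTO=UDP "
    r"SPT=\d+ DPT=(?P<dpt>\d+) LEN=(?P<udplen>\d+)"
)

# Constructed sample lines using documentation address ranges, not real traffic.
SAMPLE_LOG = """\
IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 LEN=404 TTL=115 PROTO=UDP SPT=1045 DPT=1434 LEN=384
IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.11 LEN=404 TTL=115 PROTO=UDP SPT=1045 DPT=1434 LEN=384
IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.12 LEN=404 TTL=115 PROTO=UDP SPT=1045 DPT=1434 LEN=384
IN=eth0 OUT= SRC=198.51.100.20 DST=192.0.2.10 LEN=29 TTL=60 PROTO=UDP SPT=3301 DPT=1434 LEN=9
IN=eth0 OUT= SRC=198.51.100.30 DST=192.0.2.10 LEN=404 TTL=60 PROTO=UDP SPT=3302 DPT=53 LEN=384
IN=eth0 OUT= SRC=198.51.100.44 DST=192.0.2.13 LEN=404 TTL=110 PROTO=UDP SPT=2210 DPT=1434 LEN=384
IN=eth0 OUT= SRC=198.51.100.50 DST=192.0.2.10 LEN=60 TTL=60 PROTO=TCP SPT=4410 DPT=1434 WINDOW=5840 SYN
"""

def matching_packets(lines):
    """Yield (src, dst) for each logged UDP datagram to port 1434 whose
    payload is exactly 376 bytes."""
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue  # not UDP, or not in the assumed log format
        payload = int(m["udplen"]) - UDP_HEADER
        if int(m["dpt"]) == WORM_PORT and payload == WORM_PAYLOAD:
            yield m["src"], m["dst"]

def find_worm_sources(lines, min_targets=3):
    """Map each source to its sorted destinations, keeping only sources that
    sent the matching datagram to at least min_targets distinct hosts."""
    targets = defaultdict(set)
    for src, dst in matching_packets(lines):
        targets[src].add(dst)
    return {s: sorted(d) for s, d in targets.items() if len(d) >= min_targets}

if __name__ == "__main__":
    for src, dsts in find_worm_sources(SAMPLE_LOG.splitlines()).items():
        print(f"{src} sent the 376-byte UDP/1434 datagram to {len(dsts)} hosts")
```
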

Posted: Sat Jan 25, 2003 3:07 pm
by mydimension
damn, that sUx.
/me closes port 1434

Posted: Sat Jan 25, 2003 4:43 pm
by Kriek
Yet again a security hole in a Microsoft product has been widely exploited. The worm, also called SQL-HELL, originated in South Korea - where internet access was immediately shut down due to it after the worm launched.

» Internet Storm Center
» OSDN | Slashdot
» American Intelligence
» The Internet Health Report
» CNN | Technology
» MSNBC | Tech Science