[linux-elitists] MS SQL WORM IS DESTROYING INTERNET BLOCK PORT 1434!

Karsten M. Self kmself@ix.netcom.com
Sat Jan 25 00:19:33 PST 2003


on Sat, Jan 25, 2003 at 02:11:41AM -0500, Michael Bacarella (mbac@netgraft.com) wrote:
> I'm getting massive packet loss to various points on the globe.
> I am seeing a lot of these in my tcpdump output on each
> host.
> 
> 02:06:31.017088 150.140.142.17.3047 > 24.193.37.212.ms-sql-m:  udp 376
> 02:06:31.017244 24.193.37.212 > 150.140.142.17: icmp: 24.193.37.212 udp port ms-sql-m unreachable [tos 0xc0
> 
> It looks like there's a worm affecting MS SQL Server which is
> pingflooding addresses at some random sequence.
> 
> All admins with access to routers should block port 1434 (ms-sql-m)!
> 
> Everyone running MS SQL Server shut it the hell down or make
> sure it can't access the internet proper!
> 
> I make no guarantees that this information is correct, test it
> out for yourself!

Confirmed:


    CERT advisory
    http://www.kb.cert.org/vuls/id/370308

    Traffic impacts
    http://average.matrix.net/  

I'm on #debian ATM, this is the topic of some discussion.  AU, UK, and
DE seem particularly affected.

Peace.

-- 
Karsten M. Self <kmself@ix.netcom.com>        http://kmself.home.netcom.com/
 What Part of "Gestalt" don't you understand?
   Keep software free.         Oppose the CBDTPA.         Kill S.2048 dead.
     http://www.eff.org/alerts/20020322_eff_cbdtpa_alert.html
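
An added example, not part of the original message or thread: a Python parser for tcpdump lines in the format quoted above that tallies, per source address, how many distinct hosts it sent UDP datagrams to on port 1434 (ms-sql-m). The sample lines use constructed documentation addresses, and the `min_targets` threshold is an assumption chosen for illustration.

```python
import re
from collections import defaultdict

# Old-style tcpdump line: "HH:MM:SS.usec SRC.SPORT > DST.DPORT:  udp LEN"
LINE_RE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+)\s+"
    r"(?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>[\w-]+)\s+>\s+"
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>[\w-]+):\s+udp\s+(?P<len>\d+)"
)
# tcpdump prints the service name unless it is run with -n
SQL_MONITOR_PORTS = {"1434", "ms-sql-m"}

# Constructed sample capture (documentation address ranges, not real hosts)
SAMPLE = [
    "02:06:31.017088 198.51.100.7.3047 > 192.0.2.10.ms-sql-m:  udp 376",
    "02:06:31.017244 192.0.2.10 > 198.51.100.7: icmp: 192.0.2.10 udp port ms-sql-m unreachable [tos 0xc0]",
    "02:06:31.120001 198.51.100.7.3047 > 192.0.2.11.ms-sql-m:  udp 376",
    "02:06:31.230002 198.51.100.7.3047 > 192.0.2.12.1434:  udp 376",
    "02:06:32.000003 203.0.113.5.53 > 192.0.2.10.1025:  udp 120",
    "02:06:32.500004 203.0.113.9.4000 > 192.0.2.10.ms-sql-m:  udp 376",
]

def parse_probe(line):
    """Return (src, dst, length) for a UDP datagram to port 1434, else None."""
    m = LINE_RE.match(line.strip())
    if not m or m.group("dport") not in SQL_MONITOR_PORTS:
        return None
    return m.group("src"), m.group("dst"), int(m.group("len"))

def summarize(lines, min_targets=3):
    """Count distinct port-1434 targets per source; flag sources at or above
    min_targets (an assumed threshold, tune it for the capture window)."""
    targets = defaultdict(set)
    for line in lines:
        probe = parse_probe(line)
        if probe:
            src, dst, _length = probe
            targets[src].add(dst)
    counts = {src: len(dsts) for src, dsts in targets.items()}
    flagged = sorted(src for src, n in counts.items() if n >= min_targets)
    return counts, flagged

if __name__ == "__main__":
    counts, flagged = summarize(SAMPLE)
    for src, n in sorted(counts.items()):
        print(f"{src}: {n} distinct port-1434 targets")
    print("flagged sources:", flagged)
```
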


