Saturday, January 25, 2003
1434

1434 MS SQL Server Worm Wreaking Havoc. defile writes "Since about midnight EST almost every host on the internet has been receiving a 376 byte UDP payload on port ms-sql-m (1434) from a random ... [Slashdot] Ouch, who are all these insane people running SQL databases open to the internet? [Simon Fell]

What's worse is that about a year ago, one of our DBAs went to a SQL Server training course where the instructor did a demonstration of how many SQL Servers he could log into over the internet using the sa account with no password. 

Incoming Log Table
 
Source IP Destination Port Number
195.56.231.156 137
64.219.107.73 1433
24.93.212.46 137
64.173.169.14 137
200.66.137.164 137
196.31.185.154 137
200.203.135.25 135
216.223.128.204 1434
212.194.9.245 137
62.234.45.3 137
213.96.171.3 137
216.223.128.204 1434
80.178.103.96 137
207.5.254.112 137
203.80.94.92 137
62.155.243.73 137
202.88.146.57 137
213.76.76.8 137
206.47.17.12 1434
195.175.101.244 137
213.153.182.114 137
211.139.140.173 1434
194.93.135.69 1434
65.218.131.9 49320
0.24.10.67 80
218.30.21.193 1434
206.218.180.11 1434
128.192.30.16 1434
168.160.224.133 1434
200.154.100.5 1434
193.61.22.14 1434
130.94.106.10 1434
216.144.224.10 1434
61.135.148.67 1434
138.23.142.87 1434
216.229.179.9 1434
24.196.17.49 1434
195.14.149.43 1434
193.7.255.14 1434
218.16.125.252 1434
195.35.0.163 1434
210.103.209.179 1434
130.94.243.254 1434
199.239.208.229 1434
196.7.37.111 1434
130.88.172.108 1434
130.192.16.36 1434
218.54.139.194 1434
168.156.115.11 1434
141.84.103.55 1434
216.86.78.129 1434
209.142.3.240 1434
211.91.27.133 1434
80.232.106.11 1434
134.95.112.101 1434
128.10.7.123 1434
128.242.110.85 1434
217.199.3.153 1434
128.63.48.74 1434
211.33.123.103 1434
170.130.5.7 1434
194.67.26.198 1434
4.42.228.12 1434
64.156.47.59 1434
195.176.182.182 1434
130.238.131.201 1434
209.126.226.130 1434
198.165.205.82 1434
202.180.114.97 1434
128.243.24.66 1434
1:37:49 PM  permalink Click here to send an email to the editor of this weblog. 


© Copyright 2003 Gordon Weakliem .
Last update: 6/27/2003; 6:38:36 PM .

Stories
DateTitle
1/23/2003 Why XML?
8/13/2002 Resolution for IE and Windows problems
8/10/2002 Supporting VS.NET and NAnt
5/11/2002 When do you stop unit testing?
Contact
jabber: weakliem
YM: gweakliem
MSN: gweakliem@pcisys.net
email: Click here to send an email to the editor of this weblog.
Subscribe to "Gordon Weakliem's Weblog" in Radio UserLand.
Click to see the XML version of this web page.