1434 MS SQL Server Worm Wreaking Havoc. defile writes "Since about midnight EST almost every host on the internet has been receiving a 376 byte UDP payload on port ms-sql-m (1434) from a random ... [Slashdot] Ouch, who are all these insane people running SQL databases open to the internet? [Simon Fell]
What's worse is that about a year ago, one of our DBAs went to a SQL Server training course where the instructor did a demonstration of how many SQL Servers he could log into over the internet using the sa account with no password.
Incoming Log Table |
|
Source IP |
Destination Port Number |
195.56.231.156 |
137 |
64.219.107.73 |
1433 |
24.93.212.46 |
137 |
64.173.169.14 |
137 |
200.66.137.164 |
137 |
196.31.185.154 |
137 |
200.203.135.25 |
135 |
216.223.128.204 |
1434 |
212.194.9.245 |
137 |
62.234.45.3 |
137 |
213.96.171.3 |
137 |
216.223.128.204 |
1434 |
80.178.103.96 |
137 |
207.5.254.112 |
137 |
203.80.94.92 |
137 |
62.155.243.73 |
137 |
202.88.146.57 |
137 |
213.76.76.8 |
137 |
206.47.17.12 |
1434 |
195.175.101.244 |
137 |
213.153.182.114 |
137 |
211.139.140.173 |
1434 |
194.93.135.69 |
1434 |
65.218.131.9 |
49320 |
0.24.10.67 |
80 |
218.30.21.193 |
1434 |
206.218.180.11 |
1434 |
128.192.30.16 |
1434 |
168.160.224.133 |
1434 |
200.154.100.5 |
1434 |
193.61.22.14 |
1434 |
130.94.106.10 |
1434 |
216.144.224.10 |
1434 |
61.135.148.67 |
1434 |
138.23.142.87 |
1434 |
216.229.179.9 |
1434 |
24.196.17.49 |
1434 |
195.14.149.43 |
1434 |
193.7.255.14 |
1434 |
218.16.125.252 |
1434 |
195.35.0.163 |
1434 |
210.103.209.179 |
1434 |
130.94.243.254 |
1434 |
199.239.208.229 |
1434 |
196.7.37.111 |
1434 |
130.88.172.108 |
1434 |
130.192.16.36 |
1434 |
218.54.139.194 |
1434 |
168.156.115.11 |
1434 |
141.84.103.55 |
1434 |
216.86.78.129 |
1434 |
209.142.3.240 |
1434 |
211.91.27.133 |
1434 |
80.232.106.11 |
1434 |
134.95.112.101 |
1434 |
128.10.7.123 |
1434 |
128.242.110.85 |
1434 |
217.199.3.153 |
1434 |
128.63.48.74 |
1434 |
211.33.123.103 |
1434 |
170.130.5.7 |
1434 |
194.67.26.198 |
1434 |
4.42.228.12 |
1434 |
64.156.47.59 |
1434 |
195.176.182.182 |
1434 |
130.238.131.201 |
1434 |
209.126.226.130 |
1434 |
198.165.205.82 |
1434 |
202.180.114.97 |
1434 |
128.243.24.66 |
1434 |