cipherblog : [...]
Updated: 17.3.2003; 22:53:14.

 


 
 

Saturday, January 25, 2003

CA-2003-04: MS-SQL Server Worm [CERT/CC]

CERT® Advisory CA-2003-04 MS-SQL Server Worm
Original release date: January 25, 2003
Source: CERT/CC

A complete revision history can be found at the end of this file.

Systems Affected

* Microsoft SQL Server 2000

Overview

The CERT/CC has received reports of self-propagating malicious code that exploits multiple vulnerabilities in the Resolution Service of Microsoft SQL Server 2000. The propagation of this worm has caused varied levels of network degradation across the Internet, in addition to the compromise of vulnerable machines.

[...]
6:57:19 PM


Here's a chart from the Internet Traffic Report with global packet loss for the past 24 hours.


I first noticed it last night connecting to Yahoo and KBS's Korean news sites around 10:30PM Pacific. But I didn't notice any problems with local sites so I thought it was just a regional issue. Surprise. [lawrence's notebook]
5:22:56 PM


Starting at 11:30pm CST, systems from all over the internet began sending traffic (apparently) to random destinations. At 5:30am CST, traffic rates are dropping as backbone operators and ISPs filter UDP traffic to port 1434 (MS-SQL Monitor).
2:31:26 PM

http://www.cnn.com/2003/TECH/internet/01/25/internet.attack.ap/index.html
2:29:57 PM

MS SQL Server Worm Wreaking Havoc. defile writes "Since about midnight EST almost every host on the internet has been receiving a 376 byte UDP payload on port ms-sql-m (1434) from a random infected server. [Slashdot]
2:18:47 PM
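
The traffic pattern reported in the two posts above (376-byte UDP datagrams to port 1434, sent to random destinations) is something a defender can look for in flow logs. The following is an added example, not part of the original weblog or of any quoted source; the log format, the sample records and the thresholds are constructed assumptions.

```python
from collections import defaultdict, deque

PORT, PAYLOAD = 1434, 376    # ms-sql-m port and payload size quoted in the posts above
WINDOW, MIN_DSTS = 1.0, 4    # assumed thresholds: 4+ distinct targets within 1 second

# Constructed flow records: epoch_seconds src dst proto dst_port payload_bytes
SAMPLE = """\
100.00 10.0.0.5 198.51.100.7 udp 1434 376
100.01 10.0.0.5 203.0.113.9 udp 1434 376
100.02 10.0.0.5 192.0.2.44 udp 1434 376
100.03 10.0.0.5 198.51.100.200 udp 1434 376
100.10 10.0.0.8 10.0.0.20 udp 1434 1
100.30 10.0.0.9 192.0.2.1 udp 53 376
garbage line
105.00 10.0.0.7 192.0.2.2 udp 1434 376
"""

def parse(line):
    """Return (ts, src, dst, proto, dport, size), or None if the line is malformed."""
    parts = line.split()
    if len(parts) != 6:
        return None
    try:
        return (float(parts[0]), parts[1], parts[2], parts[3].lower(),
                int(parts[4]), int(parts[5]))
    except ValueError:
        return None

def suspects(text, window=WINDOW, min_dsts=MIN_DSTS):
    """Map each flagged source to the peak count of distinct destinations it sent
    matching datagrams to within any `window` seconds (input sorted by time)."""
    recent = defaultdict(deque)   # src -> (ts, dst) pairs still inside the window
    peak = defaultdict(int)
    for rec in filter(None, map(parse, text.splitlines())):
        ts, src, dst, proto, dport, size = rec
        if (proto, dport, size) != ("udp", PORT, PAYLOAD):
            continue              # other ports and sizes are out of scope here
        q = recent[src]
        q.append((ts, dst))
        while ts - q[0][0] > window:
            q.popleft()           # expire entries older than the window
        peak[src] = max(peak[src], len({d for _, d in q}))
    return {s: n for s, n in peak.items() if n >= min_dsts}

if __name__ == "__main__":
    for src, n in suspects(SAMPLE).items():
        print(f"{src}: {n} distinct UDP/{PORT} targets within {WINDOW}s")
```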

Virus-like attack hits web traffic. A virus-like infection similar to the 2001 Code Red attack slows internet traffic - and South Korea's web services are shut down. [BBC News | Technology | UK Edition]
1:47:45 PM

UserLand's mail server is down. No mail. Interesting feeling. It must be in the water (or air). My friend Cory Doctorow is having mail problems too. [Scripting News]
1:21:36 PM

MS SQL WORM IS DESTROYING INTERNET BLOCK PORT 1434! [bugtraq mailing list]
1:11:09 PM

http://webhostingtalk.com/showthread.php?threadid=107132
May God have mercy on your soul if you don't run SQL Server behind a SEVERELY RESTRICTED firewall.
http://webhostingtalk.com/showthread.php?threadid=107128
Half the internet is shagged including our trash!
http://webhostingtalk.com/showthread.php?threadid=107129
[...] it appears blocking udp 1434 will help you and of course remove all windows servers...

12:56:18 PM

Fuck M$, fuck M$ SQL Server and fuck Windoze admin idiots! I'll try to get more info. It seems that stupid programming of SQL Server leveraged by braindead admins made the DDoS attack possible. It's dying off now!
12:39:47 PM

© Copyright 2003 cipher.


