web attacks?

Gerald Combs gerald at ethereal.com
Sat Jan 25 16:39:05 CST 2003


On Sat, 25 Jan 2003, Matt Luettgen wrote:

> anyone noticing massive hits on 1434 and 80? a few on 6667?  my logs are
> full and a lot of irc users are reporting the same thing

There is a worm exploiting a hole discovered in MS SQL server back in
July.  It uses UDP, and therefore propagates more quickly and easily than
Code Red, Nimda, or Slapper.  The volume of traffic it's generating
apparently caused connectivity issues across the Internet last night.
More information can be found at

  http://online.securityfocus.com/archive/1/308327/2003-01-22/2003-01-28/1

I've seen a steady trickle of UDP packets destined for port 1434 on my
outside interface.  I'm also seeing a TON of ARP requests, suggesting
that my outside netblock is being hit.

Note that this is NOT related to the XST TRACE vulnerability/hype despite
what reading Slashdot might lead you to believe.

I'd make a smartass comment about MS security, but I just updated my
CVS servers this week to patch a root hole.
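
Added example, not part of the original message: one way to run the check described above, counting UDP probes to port 1434 and the distinct addresses being ARPed for in tcpdump-style text. The sample lines, the `summarize` helper and its threshold are constructed for illustration, and it assumes the ARP requests come from a gateway resolving the probed addresses.

```python
import re
from collections import Counter, defaultdict

# Constructed sample lines in the style of `tcpdump -n` text output
# (documentation address ranges; not captured traffic).
SAMPLE = """\
16:39:01.100 IP 198.51.100.23.1047 > 192.0.2.10.1434: UDP, length 376
16:39:01.140 ARP, Request who-has 192.0.2.10 tell 192.0.2.1, length 46
16:39:01.350 IP 203.0.113.77.2210 > 192.0.2.14.1434: UDP, length 376
16:39:01.352 ARP, Request who-has 192.0.2.14 tell 192.0.2.1, length 46
16:39:02.010 IP 198.51.100.23.1047 > 192.0.2.31.1434: UDP, length 376
16:39:02.012 ARP, Request who-has 192.0.2.31 tell 192.0.2.1, length 46
16:39:02.500 IP 192.0.2.5.40000 > 198.51.100.9.53: UDP, length 40
16:39:03.700 ARP, Request who-has 192.0.2.44 tell 192.0.2.1, length 46
""".splitlines()

IPV4 = r"(\d+(?:\.\d+){3})"
UDP_RE = re.compile(r"IP " + IPV4 + r"\.\d+ > " + IPV4 + r"\.(\d+): UDP")
ARP_RE = re.compile(r"ARP, Request who-has " + IPV4 + r" tell " + IPV4)

def summarize(lines, port=1434, min_arp_targets=3):
    """Summarize inbound probes to `port` and ARP lookups per requester.

    min_arp_targets is an assumed threshold: a sweep is suspected when one
    requester asks for at least that many distinct addresses while probes
    to `port` are also present.
    """
    probe_sources = Counter()          # source IP -> probe count
    probed_hosts = set()               # destination IPs hit on `port`
    arp_targets = defaultdict(set)     # requester -> addresses asked for
    for line in lines:
        m = UDP_RE.search(line)
        if m and int(m.group(3)) == port:
            probe_sources[m.group(1)] += 1
            probed_hosts.add(m.group(2))
            continue
        m = ARP_RE.search(line)
        if m:
            arp_targets[m.group(2)].add(m.group(1))
    widest = max((len(t) for t in arp_targets.values()), default=0)
    return {
        "probe_sources": dict(probe_sources),
        "probed_hosts": sorted(probed_hosts),
        "arp_targets": {k: sorted(v) for k, v in arp_targets.items()},
        "sweep_suspected": bool(probe_sources) and widest >= min_arp_targets,
    }

if __name__ == "__main__":
    for key, value in summarize(SAMPLE).items():
        print(key, value)
```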



