Hosting Provided By

Re: Increased activity on UDP/1434

From: Otto Dandenell <bugtraq(at)fetaste.com>
Date: Sat Jan 25 2003 - 09:36:29 EST

Dmitri Smirnov wrote:

> Having a big number of connections on UDP/1434 from a random

New DDos Worm attacking MSSQL servers through well known buffer overflow vulnerabilities.

Read the Bugtraq thread "MS SQL WORM IS DESTROYING INTERNET BLOCK PORT 1434!".

Make sure your MSSSQL 2000 server is patched with SQL Server Service Pack 3.

Some links:

http://www.kb.cert.org/vuls/id/370308http://www.kb.cert.org/vuls/id/399260http://www.kb.cert.org/vuls/id/484891

Some news: http://news.zdnet.co.uk/story/0,,t269-s2099780,00.html Advisory: http://www.nextgenss.com/advisories/mssql-udp.txt Microsoft Fix:
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/secur ity/bulletin/MS02-039.asp

>From one of the Bugtraq postings:

"Some random screen shots, a copy of the worm as a perl script, and a disassembly (sorry, no comments) can be found online at:

Do you need help?

http://www.digitaloffense.net/worms/mssql_udp_worm/ "

Regards

/ Otto Dandenell

This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com Received on Sun Jan 26 23:08:41 2003

This message: [ Message body ]
Next message: Carl Inglis: "Microsoft SQL Server 2000 worm - port 1434"
Previous message: mistymountainhop(at)hushmail.com: "Paypal.com hosting IRC server, possible hack?"
In reply to Dmitri Smirnov: "Increased activity on UDP/1434"
Next in thread: Sam Evans: "Re: Increased activity on UDP/1434"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:01:56 EDT