This may well be the exploit being used: http://www.nextgenss.com/advisories/mssql-udp.txt
--Lloyd On Sat, 25 Jan 2003, Dave Stewart wrote: > Date: Sat, 25 Jan 2003 01:50:03 -0500 > From: Dave Stewart <[EMAIL PROTECTED]> > To: [EMAIL PROTECTED] > Subject: Re: New worm / port 1434? > > > At 01:32 AM 1/25/2003, you wrote: > > >It seems we have a new worm hitting Microsoft SQL server servers on port > >1434. > > Agreed... shutting down MSSQL stopped the flood here.... now to find it and > remove it >
