[sambar] OffTopic: New Round of UDP Port 1434 Scans {04}

Sat, 25 Jan 2003 12:46:21 -0800 

You will be alright if you are using MySQL.  MySQL uses Port 3306 for all
communication, unlike the port 1434 that MS SQL uses, and the port that was
meant to be attacked.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf
Of Rodney Richison
Sent: Saturday, January 25, 2003 2:32 PM
To: sambar List Member
Subject: [sambar] OffTopic: New Round of UDP Port 1434 Scans {03}


Striving for clarity. If your running mysql and not M$ sql, you should be
ok?


Highest Regards
Rodney Richison
918-358-1111
www.rcrnet.net
----- Original Message -----
From: "Danny Mallory" <[EMAIL PROTECTED]>
To: "sambar List Member" <[EMAIL PROTECTED]>
Sent: Saturday, January 25, 2003 1:23 PM
Subject: [sambar] OffTopic: New Round of UDP Port 1434 Scans {02}


> We have already been involved in this ourselves.. It appears that any SQL
server 2k missing at least MS02-061 (cumulative) does not contain patches
for MS02-039 (serveral vulnerabilities).. This specific hole exploits the
vulnerability with the keep alive mechanism.
>
> Although all of our SQL instances are in good shape, be prepared for some
network saturation... Not as ugly as Nimda but it is already known to have
created denial of services for other boxes in that subnet.
>
> Danny
>
> On 25/Jan/2003 09:56:36, Jeff Adams  wrote:
> > This morning I woke up to find hundreds and hundreds of UDP port scans
for
> > port 1434 (all blocked, of course).  I thought that was odd so I looked
up
> > what runs on port 1434 and found that's what Microsoft's SQL server
> > uses.  A couple minutes later I browsed to Yahoo! and saw a news story
> > (below) that explained my scans.
> >
> > -Jeff
> >
> >
> > <A TARGET="_blank"
HREF="http://story.news.yahoo.com/news?tmpl=story&amp;u=/ap/20030125/ap_wo_e
n_po/na_gen_internet_attack_2">http://story.news.yahoo.com/news?tmpl=story&u
=/ap/20030125/ap_wo_en_po/na_gen_internet_attack_2</a>
> >
> > Internet traffic broadly affected by electronic attack
> > Sat Jan 25, 6:07 AM ET
> >
> > By TED BRIDIS, Associated Press Writer
> >
> > WASHINGTON - Traffic on the many parts of the Internet slowed
dramatically
> > early Saturday, the apparent effects of a fast-spreading, virus-like
> > infection in the world's digital pipelines and interfering with Web
> > browsing and delivery of e-mail.
> >
> > Sites monitoring the health of the Internet reported significant
slowdowns
> > globally. Experts said the latest electronic attack bore remarkable
> > similarities to "Code Red" virus during the summer of 2001 which also
> > ground traffic to a halt on much of the Internet.
> >
> > "It's not debilitating," said Howard Schmidt, one of President George W.
> > Bush (news - web sites)'s top cyber-security advisers. "Everybody seems
to
> > be getting it under control." Schmidt said the FBI (news - web sites)'s
> > National Infrastructure Protection Center and private experts at the
CERT
> > Coordination Center (news - web sites) were monitoring the attacks.
> >
> > The virus-like attack sought out vulnerable computers to infect on the
> > Internet using a known flaw in popular database software from Microsoft
> > Corp., called "SQL Server." But the attacking software code was scanning
> > for victim computers so randomly and so aggressively sending out
thousands
> > of probes each second that it overwhelmed many Internet data pipelines.
> >
> > "This is like Code Red all over again," said Marc Maiffret, an executive
> > with eEye Digital Security, whose engineers were among the earliest to
> > study samples of the attack software. "The sheer number of attacks is
> > eating up so much bandwidth that normal operations can't take place."
> >
> > The attack sought to take advantage of a software flaw discovered in
July
> > 2002 that permits hackers to infect corporate database servers.
Microsoft
> > deemed the problem "critical" and offered a free repairing patch, but it
> > was impossible to know how many computer administrators applied the fix.
> >
> > "People need to do a better job about fixing vulnerabilities," Schmidt
said.
> > -------------------------------------------------------
> > To unsubscribe please go to <A TARGET="_blank"
HREF="http://www.sambar.ch/list/";>http://www.sambar.ch/list/</a>
> >
> >
> >
> -------------------------------------------------------
> To unsubscribe please go to http://www.sambar.ch/list/
>
>
>
-------------------------------------------------------
To unsubscribe please go to http://www.sambar.ch/list/
-------------------------------------------------------
To unsubscribe please go to http://www.sambar.ch/list/

Reply via email to