[rescue] new worm?

Koyote koyote at koyote.cx
Sat Jan 25 10:53:08 CST 2003


Mike Meredith <mike at blackhairy.demon.co.uk> writes:

> On Saturday 25 January 2003 9:37 am, Koyote wrote:
> > Mike Meredith <mike at blackhairy.demon.co.uk> writes:
> > > On Saturday 25 January 2003 8:40 am, Koyote wrote:
> > > > http://www.nextgenss.com/advisories/mssql-udp.txt
> >
> > I'm pretty sure that this is something fresh in construction
> > "warholling" tonight.
> >
> > It could, I suppose, very well be something old, but it seems a bit
> > virulent for that.
> 
> Sources please ?
> 
> I've seen one message about it (apart from here), but I can't see an 
> explosion in MS SQL activity in my firewall logs.

I think the relevant port is 1434 (UDP). You have to be a couple patch
cycles behind to be directly affected, and it appears from here as if
your local network spaces are either toasting, or unaffected. (This is
really trivial to fix at gateways, firewalls, routers once you know what
is happening. SFU in BC went from floored to running fine in 10 minutes
once they knew what was up, for example. UC Davis... wasn't so lucky in
figuring it out.)


> _______________________________________________
> rescue list - http://www.sunhelp.org/mailman/listinfo/rescue

