[rescue] new worm?
Mike Meredith
mike at blackhairy.demon.co.uk
Sat Jan 25 11:38:11 CST 2003
On Saturday 25 January 2003 4:53 pm, Koyote wrote:
> > Sources please ?
>
> I thnk the relevant port is 1434 (UDP). YOu have to be a couple patch
> cycles behind to be directly affected, and it appears form here as if
> your local network spaces are either toasting, or unaffected. (this
> is really trivial to fix at gateways, firewalls, routers once you
> know what is happening. SFU in BC went from floored to running fine
> in 10 minutes once they knew what was up, for example. UC Davis...
> wasn't so lucky in figuring it out)
Sorry ... I should have provided details myself once I figured it out,
but I've been a bit busy (non worm related stuff). Looks like we were
lucky as we didn't allow the attack through the firewall. Judging by
how quickly things have settled down, I'd guess that the tier-1
networks blocked this traffic.
More information about the rescue
mailing list