[GTER] Fw: MS SQL WORM IS DESTROYING INTERNET BLOCK PORT 1434!

Rubens Kuhl Jr. rubens at email.com
Sun Jan 26 13:08:00 -02 2003


Com um foco na infra-estrutura de rede, há também esta página respeito do
worm:
http://www.cisco.com/warp/public/707/cisco-sn-20030125-worm.shtml

E para quem não esteve na GT-ER 14, a apresentação que fiz nessa reunião
pode ser ilustrativa para quem estiver intrigado sobre porque uma praga de
sistemas causa disrupções de rede:
ftp://ftp.registro.br/pub/gter/gter14/worms_rkj.zip



Rubens


----- Original Message -----
From: "Luiz Eduardo (Doc)" <doc at n3tworkZ.com>
To: <provedores-brasil at yahoogrupos.com.br>;
<networking-brasil at yahoogrupos.com.br>; <gter at eng.registro.br>
Sent: Saturday, January 25, 2003 8:36 AM
Subject: [GTER] Fw: MS SQL WORM IS DESTROYING INTERNET BLOCK PORT 1434!


|
| Como vcs jah devem ter percebido...
|
| ---
| doc at n3tworkz.com
| ----- Original Message -----
| From: "Michael Bacarella" <mbac at netgraft.com>
| Sent: Friday, January 24, 2003 11:11 PM
| Subject: MS SQL WORM IS DESTROYING INTERNET BLOCK PORT 1434!
|
|
| : I'm getting massive packet loss to various points on the globe.
| : I am seeing a lot of these in my tcpdump output on each
| : host.
| :
| : 02:06:31.017088 150.140.142.17.3047 > 24.193.37.212.ms-sql-m:  udp 376
| : 02:06:31.017244 24.193.37.212 > 150.140.142.17: icmp: 24.193.37.212 udp
| port ms-sql-m unreachable [tos 0xc0
| :
| : It looks like there's a worm affecting MS SQL Server which is
| : pingflooding addresses at some random sequence.
| :
| : All admins with access to routers should block port 1434 (ms-sql-m)!
| :
| : Everyone running MS SQL Server shut it the hell down or make
| : sure it can't access the internet proper!
| :
| : I make no guarantees that this information is correct, test it
| : out for yourself!
| :
| : --
| : Michael Bacarella                  24/7 phone: 646 641-8662
| : Netgraft Corporation                   http://netgraft.com/
| :       "unique technologies to empower your business"
| :
| : Finger email address for public key.  Key fingerprint:
| :   C40C CB1E D2F6 7628 6308  F554 7A68 A5CF 0BD8 C055
| :
|
| --
| GTER list    http://eng.registro.br/mailman/listinfo/gter
|




More information about the gter mailing list