[GTER] Fw: MS SQL WORM IS DESTROYING INTERNET BLOCK PORT 1434!
Juliano Primavesi - CyberWeb Networks
juliano at cyberweb.com.br
Mon Jan 27 09:44:00 -02 2003
Correção em portugues
http://www.rnp.br/cais/alertas/2002/IN200204.html
Cordialmente,
Juliano Primavesi
: CyberWeb Networks
: CIC - Centro de Informações ao Cliente
: Fone 0 xx (51) 3222-2920
: Fax 0 xx (51) 3395-3945
:.........> http://www.cyberweb.com.br
"Luiz Eduardo (Doc)" wrote:
>
> Como vcs jah devem ter percebido...
>
> ---
> doc at n3tworkz.com
> ----- Original Message -----
> From: "Michael Bacarella" <mbac at netgraft.com>
> Sent: Friday, January 24, 2003 11:11 PM
> Subject: MS SQL WORM IS DESTROYING INTERNET BLOCK PORT 1434!
>
> : I'm getting massive packet loss to various points on the globe.
> : I am seeing a lot of these in my tcpdump output on each
> : host.
> :
> : 02:06:31.017088 150.140.142.17.3047 > 24.193.37.212.ms-sql-m: udp 376
> : 02:06:31.017244 24.193.37.212 > 150.140.142.17: icmp: 24.193.37.212 udp
> port ms-sql-m unreachable [tos 0xc0
> :
> : It looks like there's a worm affecting MS SQL Server which is
> : pingflooding addresses at some random sequence.
> :
> : All admins with access to routers should block port 1434 (ms-sql-m)!
> :
> : Everyone running MS SQL Server shut it the hell down or make
> : sure it can't access the internet proper!
> :
> : I make no guarantees that this information is correct, test it
> : out for yourself!
> :
> : --
> : Michael Bacarella 24/7 phone: 646 641-8662
> : Netgraft Corporation http://netgraft.com/
> : "unique technologies to empower your business"
> :
> : Finger email address for public key. Key fingerprint:
> : C40C CB1E D2F6 7628 6308 F554 7A68 A5CF 0BD8 C055
> :
>
> --
> GTER list http://eng.registro.br/mailman/listinfo/gter
More information about the gter
mailing list