[GTER] Fw: MS SQL WORM IS DESTROYING INTERNET BLOCK PORT 1434!

Juliano Primavesi - CyberWeb Networks juliano at cyberweb.com.br
Mon Jan 27 09:44:00 -02 2003


Correção em portugues
http://www.rnp.br/cais/alertas/2002/IN200204.html

Cordialmente, 

Juliano Primavesi
: CyberWeb Networks
: CIC - Centro de Informações ao Cliente
: Fone 0 xx (51) 3222-2920
: Fax  0 xx (51) 3395-3945
:.........> http://www.cyberweb.com.br

"Luiz Eduardo (Doc)" wrote:
> 
> Como vcs jah devem ter percebido...
> 
> ---
> doc at n3tworkz.com
> ----- Original Message -----
> From: "Michael Bacarella" <mbac at netgraft.com>
> Sent: Friday, January 24, 2003 11:11 PM
> Subject: MS SQL WORM IS DESTROYING INTERNET BLOCK PORT 1434!
> 
> : I'm getting massive packet loss to various points on the globe.
> : I am seeing a lot of these in my tcpdump output on each
> : host.
> :
> : 02:06:31.017088 150.140.142.17.3047 > 24.193.37.212.ms-sql-m:  udp 376
> : 02:06:31.017244 24.193.37.212 > 150.140.142.17: icmp: 24.193.37.212 udp
> port ms-sql-m unreachable [tos 0xc0
> :
> : It looks like there's a worm affecting MS SQL Server which is
> : pingflooding addresses at some random sequence.
> :
> : All admins with access to routers should block port 1434 (ms-sql-m)!
> :
> : Everyone running MS SQL Server shut it the hell down or make
> : sure it can't access the internet proper!
> :
> : I make no guarantees that this information is correct, test it
> : out for yourself!
> :
> : --
> : Michael Bacarella                  24/7 phone: 646 641-8662
> : Netgraft Corporation                   http://netgraft.com/
> :       "unique technologies to empower your business"
> :
> : Finger email address for public key.  Key fingerprint:
> :   C40C CB1E D2F6 7628 6308  F554 7A68 A5CF 0BD8 C055
> :
> 
> --
> GTER list    http://eng.registro.br/mailman/listinfo/gter



More information about the gter mailing list