Jimmy asked me to repost this to CRIME. It appears our systems were hit at about 9:30pm on Friday night (Jan 24). The resulting barrage essentially took down a portion of the our network for about two hours, making our servers and the internet, hence the CRIME list unreachable. Sarah > From: "Kuo, Jimmy" <Jimmy_Kuo@private> > To: crime@private > Subject: CRIME FW: ISS Security Brief: Microsoft SQL Slammer Worm Propagation > -----BEGIN PGP SIGNED MESSAGE----- > > Internet Security Systems Security Brief > January 25, 2003 > > Microsoft SQL Slammer Worm Propagation > > Synopsis: > > ISS X-Force has learned of a worm that is spreading via Microsoft SQL > servers. The worm is responsible for large amounts of Internet traffic > as > well as millions of UDP/IP probes at the time of this alert's > publication. > This worm attempts to exploit MS/SQL servers vulnerable to the SQL > Server > Resolution service buffer overflow (CVE CAN-2002-0649). Once a > vulnerable > computer is compromised, the worm will infect that target, randomly > select a > new target, and resend the exploit and propagation code to that host. > > Impact: > > Although the Slammer worm is not destructive to the infected host, it > does generate a damaging level of network traffic when it scans for > additional > targets. A large amount of network traffic is created by the worm, > which > scans random IP addresses for vulnerable servers. > > For the complete ISS X-Force Security Advisory, please visit: > http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21824 > ______ > > About Internet Security Systems (ISS) > Founded in 1994, Internet Security Systems (ISS) (Nasdaq: ISSX) is a > pioneer and world leader in software and services that protect critical > online resources from an ever-changing spectrum of threats and misuse. > Internet Security Systems is headquartered in Atlanta, GA, with > additional operations throughout the Americas, Asia, Australia, Europe > and the Middle East. > > Copyright (c) 2003 Internet Security Systems, Inc. All rights reserved > worldwide. > > Permission is hereby granted for the electronic redistribution of this > document. It is not to be edited or altered in any way without the > express written consent of the Internet Security Systems X-Force. If you > wish to reprint the whole or any part of this document in any other > medium excluding electronic media, please email xforce@private for > permission. > > Disclaimer: The information within this paper may change without notice. > Use of this information constitutes acceptance for use in an AS IS > condition. There are NO warranties, implied or otherwise, with regard to > this information or its use. Any use of this information is at the > user's risk. In no event shall the author/distributor (Internet Security > Systems X-Force) be held liable for any damages whatsoever arising out > of or in connection with the use or spread of this information. X-Force > PGP Key available on MIT's PGP key server and PGP.com's key server, as > well as at http://www.iss.net/security_center/sensitive.php > Please send suggestions, updates, and comments to: X-Force > xforce@private of Internet Security Systems, Inc. > > -----BEGIN PGP SIGNATURE----- > Version: 2.6.2 > > iQCVAwUBPjJ5djRfJiV99eG9AQGzegP+IdRuktMeXlMj/KuvbJt5ZhNxOn80UoGj > 73mLUIBsOfd9IQmujI8fpa+9IVWtTGqwWTb2HjQuEB4Dqx/vp2uDZQQecJEqdNow > HpAF4CBz4gFniyTrWYZYkC1GPZB63hsvMix3ZuHy8/53+gZqh84bChiewWuBABvY > ReQ8Ykm7pjk= > =FOZU > -----END PGP SIGNATURE----- > >
This archive was generated by hypermail 2b30 : Sat Jan 25 2003 - 16:21:16 PST