I'm seeing the same thing... Apparently it's spreading around quite nicely :( Looks like one of our workstations got hit at around 21:30 Pacific Patrick Finch At 02:11 AM 1/25/2003 -0500, Michael Bacarella wrote: >I'm getting massive packet loss to various points on the globe. >I am seeing a lot of these in my tcpdump output on each >host. > >02:06:31.017088 150.140.142.17.3047 > 24.193.37.212.ms-sql-m: udp 376 >02:06:31.017244 24.193.37.212 > 150.140.142.17: icmp: 24.193.37.212 udp >port ms-sql-m unreachable [tos 0xc0 > >It looks like there's a worm affecting MS SQL Server which is >pingflooding addresses at some random sequence. > >All admins with access to routers should block port 1434 (ms-sql-m)! > >Everyone running MS SQL Server shut it the hell down or make >sure it can't access the internet proper! > >I make no guarantees that this information is correct, test it >out for yourself! > >-- >Michael Bacarella 24/7 phone: 646 641-8662 >Netgraft Corporation http://netgraft.com/ > "unique technologies to empower your business" > >Finger email address for public key. Key fingerprint: > C40C CB1E D2F6 7628 6308 F554 7A68 A5CF 0BD8 C055 ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Sat Jan 25 2003 - 07:17:43 PST