Some of us have been dealing with this since 10:30pm yesterday... :) Alerts: http://www.ngssoftware.com/vna/ms-sql.txt http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21824 Code: http://www.digitaloffense.net/worms/mssql_udp_worm/ http://packetstormsecurity.org/0211-exploits/sql2.cpp Dale ====================================== "SUCCESS THROUGH TEAMWORK" Dale Drew Director, Global Security/AAA Engineering & Architecture Level(3) Communications, LLC 720-888-2963 | dale.drewat_private -----Original Message----- From: Uwe Dippel [mailto:udippelat_private] Sent: Saturday, January 25, 2003 4:52 AM To: incidentsat_private Subject: strange attacks - flood udp packets from 1030 to msql The subject says it. Strange behaviour and no clue here why. A server floods random (??) IP-addresses with udp-packets from iad1 to 1434 (msql), overflowing the external router,yadayadayada. DoS, in short. Anyone seen this before ?? Uwe __________________________________________________ Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now. http://mailplus.yahoo.com ------------------------------------------------------------------------ ---- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Sun Jan 26 2003 - 20:11:32 PST