This morning I woke up to find hundreds and hundreds of UDP port scans for
port 1434 (all blocked, of course). I thought that was odd so I looked up
what runs on port 1434 and found that's what Microsoft's SQL server
uses. A couple minutes later I browsed to Yahoo! and saw a news story
(below) that explained my scans.
-Jeff
http://story.news.yahoo.com/news?tmpl=story&u=/ap/20030125/ap_wo_en_po/na_gen_internet_attack_2
Internet traffic broadly affected by electronic attack
Sat Jan 25, 6:07 AM ET
By TED BRIDIS, Associated Press Writer
WASHINGTON - Traffic on the many parts of the Internet slowed dramatically
early Saturday, the apparent effects of a fast-spreading, virus-like
infection in the world's digital pipelines and interfering with Web
browsing and delivery of e-mail.
Sites monitoring the health of the Internet reported significant slowdowns
globally. Experts said the latest electronic attack bore remarkable
similarities to "Code Red" virus during the summer of 2001 which also
ground traffic to a halt on much of the Internet.
"It's not debilitating," said Howard Schmidt, one of President George W.
Bush (news - web sites)'s top cyber-security advisers. "Everybody seems to
be getting it under control." Schmidt said the FBI (news - web sites)'s
National Infrastructure Protection Center and private experts at the CERT
Coordination Center (news - web sites) were monitoring the attacks.
The virus-like attack sought out vulnerable computers to infect on the
Internet using a known flaw in popular database software from Microsoft
Corp., called "SQL Server." But the attacking software code was scanning
for victim computers so randomly and so aggressively sending out thousands
of probes each second that it overwhelmed many Internet data pipelines.
"This is like Code Red all over again," said Marc Maiffret, an executive
with eEye Digital Security, whose engineers were among the earliest to
study samples of the attack software. "The sheer number of attacks is
eating up so much bandwidth that normal operations can't take place."
The attack sought to take advantage of a software flaw discovered in July
2002 that permits hackers to infect corporate database servers. Microsoft
deemed the problem "critical" and offered a free repairing patch, but it
was impossible to know how many computer administrators applied the fix.
"People need to do a better job about fixing vulnerabilities," Schmidt said.
-------------------------------------------------------
To unsubscribe please go to http://www.sambar.ch/list/
