Duh!  Nevermind.

On Saturday 25 January 2003 2:32 pm, Rodney Richison wrote:
> Striving for clarity. If you're running mysql and not M$ sql, you should be
> ok?
>
>
> Highest Regards
> Rodney Richison
> 918-358-1111
> www.rcrnet.net
> ----- Original Message -----
> From: "Danny Mallory" <[EMAIL PROTECTED]>
> To: "sambar List Member" <[EMAIL PROTECTED]>
> Sent: Saturday, January 25, 2003 1:23 PM
> Subject: [sambar] OffTopic: New Round of UDP Port 1434 Scans {02}
>
> > We have already been involved in this ourselves.. It appears that any SQL
> > server 2k missing at least MS02-061 (cumulative) does not contain patches
> > for MS02-039 (several vulnerabilities).. This specific hole exploits the
> > vulnerability with the keep alive mechanism.
> >
> > Although all of our SQL instances are in good shape, be prepared for some
> > network saturation... Not as ugly as Nimda but it is already known to have
> > created denial of services for other boxes in that subnet.
>
> > Danny
> >
> > On 25/Jan/2003 09:56:36, Jeff Adams  wrote:
> > > This morning I woke up to find hundreds and hundreds of UDP port scans
> > > for port 1434 (all blocked, of course).  I thought that was odd so I
> > > looked up what runs on port 1434 and found that's what Microsoft's SQL
> > > server uses.  A couple minutes later I browsed to Yahoo! and saw a news
> > > story (below) that explained my scans.
> > >
> > > -Jeff
> > >
> > >
> > > http://story.news.yahoo.com/news?tmpl=story&u=/ap/20030125/ap_wo_en_po/na_gen_internet_attack_2
> > >
> > > Internet traffic broadly affected by electronic attack
> > > Sat Jan 25, 6:07 AM ET
> > >
> > > By TED BRIDIS, Associated Press Writer
> > >
> > > WASHINGTON - Traffic on the many parts of the Internet slowed
> > > dramatically early Saturday, the apparent effects of a fast-spreading,
> > > virus-like infection in the world's digital pipelines and interfering
> > > with Web browsing and delivery of e-mail.
> > >
> > > Sites monitoring the health of the Internet reported significant
> > > slowdowns globally. Experts said the latest electronic attack bore
> > > remarkable similarities to "Code Red" virus during the summer of 2001
> > > which also ground traffic to a halt on much of the Internet.
> > >
> > > "It's not debilitating," said Howard Schmidt, one of President George
> > > W. Bush's top cyber-security advisers. "Everybody seems to be getting
> > > it under control." Schmidt said the FBI's National Infrastructure
> > > Protection Center and private experts at the CERT Coordination Center
> > > were monitoring the attacks.
> > >
> > > The virus-like attack sought out vulnerable computers to infect on the
> > > Internet using a known flaw in popular database software from Microsoft
> > > Corp., called "SQL Server." But the attacking software code was
> > > scanning for victim computers so randomly and so aggressively sending
> > > out thousands of probes each second that it overwhelmed many Internet
> > > data pipelines.
> > >
> > > "This is like Code Red all over again," said Marc Maiffret, an
> > > executive with eEye Digital Security, whose engineers were among the
> > > earliest to study samples of the attack software. "The sheer number of
> > > attacks is eating up so much bandwidth that normal operations can't
> > > take place."
> > >
> > > The attack sought to take advantage of a software flaw discovered in
> > > July 2002 that permits hackers to infect corporate database servers.
> > > Microsoft deemed the problem "critical" and offered a free repairing
> > > patch, but it was impossible to know how many computer administrators
> > > applied the fix.
> > >
> > > "People need to do a better job about fixing vulnerabilities," Schmidt
> > > said.
>
> > > -------------------------------------------------------
> > > To unsubscribe please go to http://www.sambar.ch/list/
>

-- 


Highest Regards,

Rodney Richison
RCR Computing
918-358-1111
www.rcrnet.net