Cheers,
Symon
-Original Message-
From: Priscilla Oppenheimer [mailto:[EMAIL PROTECTED]]
Sent: 26 January 2003 20:02
To: [EMAIL PROTECTED]
Subject: UDP port 1434 [7:61891]
d tran wrote:
> You wouldn't have to fight the udp 1434 problem had you decided to
> scrap the shitty MS SQL serve
Amen!
We are not running any Windows SQL and are only running MySQL on Linux.
Here is what we turned away at the front door in the past 12 hours on one
20MB connection:
deny udp any any eq 1434 (205647 matches)
Here is Cisco's link:
http://www.cisco.com/warp/public/707/cisco-sn-20030125-worm.s
comments inline...
> Anyone have a link to a good technical document
> about the worm?
>
> Thanks,
>
> Priscilla
Below is from bugtraq:
SQL Sapphire Worm Analysis
Release Date:
1/25/03
Severity:
High
Systems Affected:
Microsoft SQL Server 2000 pre SP 2
Description:
Late Friday, January 24,
It deleted my post
Here is the link again:
http://www.eeye.com/html/Research/Flash/AL20030125.html
Symon
-Original Message-
From: Symon Thurlow
Sent: 26 January 2003 21:04
To: [EMAIL PROTECTED]
Subject: RE: UDP port 1434 [7:61891]
Cheers,
Symon
-Original Message-
From
the "dumb butts" are allowing access to SQL from public networks. how
difficult is it to filter stuff out? SQL boxes should be on private
networks, no routes to public, second or third tier, etc. Y2K all
over... This time in security business. Bunch of con artists claiming to
be security expert
We do have machines running flavors of MS-SQL on our network both in
production and in classrooms/labs. These are the stats from about 8
A.M. on Saturday to 3:08 P.M. on Sunday for several of our access-lists.
Keep in mind this is only from the two RSMs in one core 5500 and it's
only internal tra
""l0stbyte"" wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> the "dumb butts" are allowing access to SQL from public networks. how
> difficult is it to filter stuff out? SQL boxes should be on private
> networks, no routes to public, second or third tier, etc. Y2K all
> over... Thi
what's amazing are the assumptions that people are making--who says tht BoA
servers or any BoA database were comprimised? who says they are even
running MS-SQL? Read how the worm is spreading and you will understand
that you dont have to be running anything that can be affected by the worm.
my g
While trying to modify the ACL's, I had to disable two trunks into that
switch. I could telnet into the supervisor no problem. When I tried
"sess 4" or "sess 7" I would get a timeout.
I read reports of routers hanging under the load. This what I think
happened to BofA. The routers probably cou
""Ken Diliberto"" wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> While trying to modify the ACL's, I had to disable two trunks into that
> switch. I could telnet into the supervisor no problem. When I tried
> "sess 4" or "sess 7" I would get a timeout.
>
> I read reports of rout
Good points. How much bandwidth goes to some of the remote ATMs? Probably
very little. They probably got crunched by the huge number of UDP packets.
Of course, better filtering would have prevented that.
But there's no need to assume that BoA runs MS-SQL or to worry that private
info was compromi
Maybe this is a silly question considering where I work, but is it
common for huge banks to connect their ATMs to their data centers over
the Internet? We certainly don't do that, and wouldn't even consider
doing it, so I was surprised that BofA appears to be doing just that.
Then again, they pro
Well, that's a good point. The UDP traffic jam probably didn't spread out to
the edges of the network, where the ATMs are, as I had been thinking. The
ATMs probably use private, non-routable addresses (non-routable over the
Internet anyway). The bottleneck was probably more in the core of BoA's
net
ble as
far as I know)
"John
Neiberger"
cc:
Sent by: Subject:
utomatic teller machines are going to disappear.
Paul Forbes
Network Engineer
Trimble
> -Original Message-
> From: John Neiberger [mailto:[EMAIL PROTECTED]]
> Sent: Monday, January 27, 2003 10:51 AM
> To: [EMAIL PROTECTED]
> Subject: Re: UDP port 1434 [7:61891]
>
&g
""John Neiberger"" wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> Maybe this is a silly question considering where I work, but is it
> common for huge banks to connect their ATMs to their data centers over
> the Internet? We certainly don't do that, and wouldn't even consider
> d
Chuck,
If I'm the Ken you're talking about and I actually said that, then I
must really need a nap. :-)
We're a university, where Microsoft rules. :-(
I'd like to tell you how many MS-SQL servers we have, but I don't have
a clue. There are probably some running in the dorms. We have entire
l
sorry, Ken, I've read so much crap about saphire and 1434 the last couple of
days that I forget who said what. sorry for misrepresenting you as a result
of my frazzled brain.
given the large installation of MS SQL devices on your campus, may we blame
you and your wards for the problem? ;->
Chuc
Well, um, yes. Although I removed us as part of the problem as soon as
I noticed we were. :-)
>>> "The Long and Winding Road"
01/28/03 02:36PM >>>
sorry, Ken, I've read so much crap about saphire and 1434 the last
couple of
days that I forget who said what. sorry for misrepresenting you as a
re
19 matches
Mail list logo
