[Dshield] SQLSnake

Jon R. Kibler Jon.Kibler at aset.com
Tue Jul 9 19:03:36 GMT 2002

To All:

It amazes me how many times each day we are still getting hit with SQLsnake probes. Given the nature of this worm -- as I understand it, it exploits the lack of a password on a server admin account -- I would think that someone would have developed a 'snake killer' that would simply shut down the infected system. That is, the program would also take advantage of the lack of proper passwords to issue the command(s) to shut down the server.

Is this indeed possible? (If not, what am I missing?) Has such a program been developed and from where is it available?

Jon R. Kibler
Advanced Systems Engineering Technology, Inc.
Mt. Pleasant, SC (Charleston) USA

More information about the list mailing list