[Dshield] What were the hackers trying to do?
kjs_public at sbcglobal.net
Mon Mar 3 14:08:34 GMT 2003
| > 3/3/2003 3:55:59 AM,Kevin,"This one time, the user has chosen to
""block"" communications.","This one time, the user has chosen to
""block"" communications. Inbound UDP packet Local address,service is
(testadler-i1(999.999.190.58),ms-sql-m(1434)) Remote address,service
is (10.0.1.40,1502) Process name is ""N/A"""
| This packet is interesting. It looks like SQL Slammer. It is
possible that this comes from an infected lan machine an due to lack
of ingress/egress filtering between you and the source the packet
makes it true.
Guess I still don't understand. It came through my ISP. Are you saying
that an infected LAN passed this to my ISP and they let it through to
me? Shouldn't my ISP be filtering this type of traffic?
More information about the list