[Dshield] What were the hackers trying to do?
RGolodner at Aetea.com
Mon Mar 3 15:18:59 GMT 2003
it should, but you know what should means, crazy!
From: KJS_Public [mailto:kjs_public at sbcglobal.net]
Sent: Monday, March 03, 2003 9:09 AM
To: list at dshield.org
Subject: Re: [Dshield] What were the hackers trying to do?
| > 3/3/2003 3:55:59 AM,Kevin,"This one time, the user has chosen to
""block"" communications.","This one time, the user has chosen to
""block"" communications. Inbound UDP packet Local address,service is
(testadler-i1(999.999.190.58),ms-sql-m(1434)) Remote address,service
is (10.0.1.40,1502) Process name is ""N/A"""
| This packet is interesting. It looks like SQL Slammer. It is
possible that this comes from an infected lan machine an due to lack
of ingress/egress filtering between you and the source the packet
makes it true.
Guess I still don't understand. It came through my ISP. Are you saying
that an infected LAN passed this to my ISP and they let it through to
me? Shouldn't my ISP be filtering this type of traffic?
list mailing list
list at dshield.org
To change your subscription options (or unsubscribe), see:
More information about the list