[Dshield] What were the hackers trying to do?

Richard Golodner RGolodner at Aetea.com
Mon Mar 3 15:18:59 GMT 2003


it should, but you know what should means, crazy!

-----Original Message-----
From: KJS_Public [mailto:kjs_public at sbcglobal.net]
Sent: Monday, March 03, 2003 9:09 AM
To: list at dshield.org
Subject: Re: [Dshield] What were the hackers trying to do?



| >
| > 3/3/2003 3:55:59 AM,Kevin,"This one time, the user has chosen to
""block"" communications.","This one time, the user has chosen to
""block"" communications. Inbound UDP packet Local address,service is
(testadler-i1(999.999.190.58),ms-sql-m(1434)) Remote address,service
is (10.0.1.40,1502) Process name is ""N/A"""
|
| This packet is interesting. It looks like SQL Slammer. It is
possible that this comes from an infected lan machine an due to lack
of ingress/egress filtering between you and the source the packet
makes it true.
|
Guess I still don't understand. It came through my ISP. Are you saying
that an infected LAN passed this to my ISP and they let it through to
me? Shouldn't my ISP be filtering this type of traffic?


_______________________________________________
list mailing list
list at dshield.org
To change your subscription options (or unsubscribe), see:
http://www.dshield.org/mailman/listinfo/list



More information about the list mailing list