[unisog] New slammer variant?

MaryBeth Stuenkel maryb at umich.edu
Mon Dec 1 22:42:14 GMT 2003


We had a mini-rash of slammer-like activity in October which was traced 
to software upgrades that overwrote patches or started up SQL server, in 
particular Backup Exec.

--MaryBeth

Ken Connelly wrote:

> I've been seeing scans for 1433 at or near the top of my list of ports 
> scanned for in our class B for ~3 weeks.  I don't have much more 
> information than that to share, but it's been cranking.
> 
> - ken
> 
> Brendan Murphy wrote:
> 
>> Over the last couple of days we've seen some (apparently patched) 
>> machines get hit with what appears to be Slammer.  I've noticed that 
>> the SANS Incidents site is showing an increase in MSSQL-related 
>> traffic, but I've yet to hear of anything about a new worm ...
>>
>> Anyone else running into this???
>>
>> Cheers,
>> Brendan Murphy
>> -- Network/DSL/Video
>> Computing, Information, and Network Services (CINS)
>> http://www.cudenver.edu/cins
>> University of Colorado at Denver
>> Tel (303)556-4308 / Helpdesk (303)556-6100
>> Fax (303)556-2318
>> ~~~
>> "Success is a journey, not a destination.  The doing
>>  is usually more important than the outcome."
>>     - Arthur Ashe
>>
>> Public GPG Key at http://carbon.cudenver.edu/~bmurphy/bmurphy.gpg
>>
> 


