[unisog] MS-SQL Zombie DDoS

James Van Houten jvanhouten at loyola.edu
Sat Jan 25 23:35:14 GMT 2003


Cam and the group:

You might also find
http://isc.incidents.org/analysis.html?id=180
helpful.

We received our first UDP port 1434 probe at 00:30:05 EST.

Looks like it might also be causing trouble with the Cisco NetFlow bug.
Check out the link.

If anyone has logs of UDP port 1434 sourced from our net
(144.126.0.0/16) please drop us a note.

Thanks,

Jim



---
James D. Van Houten
Sr. Security Engineer / Consultant
Loyola College in Maryland
KH-105, +1.443.324.5899

>>> "cam {Cam Beasley, ISO}" <cam at forum.utexas.edu> 01/25/03 16:13 PM
>>>

Colleagues --

At approximately 23:30 24-Jan-2003 CST, MS-SQL
zombies rose up, creating a DDoS on port 1434/udp.

We've seen zombie hosts from dozens of ISPs.

More information on the SQL buffer overflow and
exploits can be read here:

http://www.nextgenss.com/advisories/mssql-udp.txt

~cam.

Cam Beasley
ITS/Information Security Office
The University of Texas at Austin
512.475.9242


