[unisog] MS-SQL Zombie DDoS

James Van Houten jvanhouten at loyola.edu
Sat Jan 25 23:35:14 GMT 2003

Cam and the group:

You might also find

We received our first udp port 1434 probe at 00:30:05 est.

Looks like it might also be causing trouble with the cisco netflow bug. 
Check out the link.

If anyone has logs of udp port 1434 sourced from our net
( please drop us a note.



James D. Van Houten
Sr. Security Engineer / Consultant
Loyola College in Maryland
KH-105, +1.443.324.5899

>>> "cam {Cam Beasley, ISO}" <cam at forum.utexas.edu> 01/25/03 16:13 PM

Colleagues --

At approximately 23:30 24-Jan-2003 CST, MS-SQL
zombies rose up, creating a DDoS on port 1434/udp..

We've seen zombie hosts from dozens of ISPs..

More information on the SQL buffer overflow and
exploits can be read here:



Cam Beasley
ITS/Information Security Office
The University of Texas at Austin

More information about the unisog mailing list