[unisog] MS-SQL Zombie DDoS

cam {Cam Beasley, ISO} cam at forum.utexas.edu
Mon Jan 27 18:23:33 GMT 2003

%>More MSDE2000 apps that are potentially vulnerable (not certain
%>that all are network aware)..

Many of the MSDE applications do not open ports to the network
interface, only to localhost. I don't think that these apps
are vulnerable to attack -- unless super weird internal 
bridging from private ==> public occurs.

If the originating address ( in this case below)
is not accessible to the Internet, then there shouldn't be a
risk of infection..  If the IP is public, then yes..

Folks can check their Windows systems to see whether 
any MSDE apps are vulnerable. From the command line, type

   netstat -an | find "1434"

If port 1434 is open, the response will be something along the 
lines of:

   UDP         LISTENING

Otherwise you'll just get the command prompt back again.


Cam Beasley
ITS/Information Security Office    
The University of Texas at Austin        
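
An added example, not part of the original message: a Python sketch that parses `netstat -an` output and reports each UDP 1434 listener with the address it is bound to, which a plain `find "1434"` substring match cannot show (that match also hits ports such as 14340 or a remote port 1434). The sample output, addresses and function names are constructed for illustration.

```python
import re

SQL_PORT = 1434  # UDP port checked in the message above

# Constructed sample of Windows `netstat -an` output (addresses are made up).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    192.0.2.10:14340       198.51.100.7:80        ESTABLISHED
  TCP    192.0.2.10:3012        198.51.100.9:1434      ESTABLISHED
  UDP    127.0.0.1:1434         *:*
  UDP    0.0.0.0:1434           *:*
"""

# Protocol, local address, local port, foreign address.
LINE_RE = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+)", re.IGNORECASE)


def classify_bind(addr):
    """Loopback binds are only reachable from the host itself."""
    if addr.startswith("127.") or addr in ("[::1]", "::1"):
        return "loopback-only"
    # 0.0.0.0 or a specific interface address: exposure then depends on
    # whether that address is routable and on any filtering in front of it.
    return "network-reachable"


def find_udp_listeners(netstat_text, port=SQL_PORT):
    """Return (local_address, classification) for each UDP bind on `port`."""
    hits = []
    for line in netstat_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # header or unrelated line
        proto, addr, local_port, _foreign = m.groups()
        # Match the local port exactly, and only for UDP.
        if proto.upper() == "UDP" and int(local_port) == port:
            hits.append((addr, classify_bind(addr)))
    return hits


if __name__ == "__main__":
    for addr, kind in find_udp_listeners(SAMPLE_NETSTAT):
        print(f"UDP {addr}:{SQL_PORT} -> {kind}")
```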
