[unisog] MS-SQL Zombie DDoS

cam {Cam Beasley, ISO} cam at forum.utexas.edu
Mon Jan 27 18:23:33 GMT 2003



%>More MSDE2000 apps that are potentially vulnerable (not certain
%>that all are network aware)..
%>
%><http://sqlsecurity.com/DesktopDefault.aspx?tabindex=10&tabid=13>

Many of the MSDE applications do not open ports to the network
interface, only to localhost. I don't think that these apps
are vulnerable to attack -- unless super weird internal 
bridging from private ==> public occurs.

If the originating address (192.168.10.13 in this case below)
is not accessible to the Internet, then there shouldn't be a
risk of infection..  If the IP is public, then yes..

Folks can check their Windows systems to see whether 
any MSDE apps are vulnerable. From the command line, type

   netstat -an | find "1434"

If port 1434 is open, the response will be something along the 
lines of:

   UDP    192.168.10.13:1434        0.0.0.0:0         LISTENING

Otherwise you'll just get the command prompt back again.

~cam.

Cam Beasley
ITS/Information Security Office    
The University of Texas at Austin        
512.475.9242
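
The check described in the message above, as an added example that is not part of the original post: it parses `netstat -an` text, keeps only UDP sockets bound to exactly port 1434 (the `find "1434"` filter also matches ports such as 14340), and labels each bind address by reachability. The function names and the sample lines are constructed for illustration.

```python
import ipaddress

# Constructed `netstat -an` lines; the third repeats the line quoted in the message.
SAMPLE = """\
  TCP    0.0.0.0:1433           0.0.0.0:0              LISTENING
  UDP    127.0.0.1:1434         *:*
  UDP    192.168.10.13:1434        0.0.0.0:0         LISTENING
  UDP    0.0.0.0:1434           *:*
  UDP    198.51.100.7:1434      *:*
  UDP    192.168.10.13:14340    *:*
"""

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def classify(addr):
    """Label a bind address by who can reach it."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return "unknown"
    if ip.is_unspecified:
        return "all-interfaces"   # exposure depends on every interface on the host
    if ip.is_loopback:
        return "localhost-only"   # not reachable from the network
    if ip.version == 4 and any(ip in net for net in RFC1918):
        return "private"          # reachable only if private space is bridged or routed
    return "routable"             # treated as reachable from the Internet

def udp_1434_listeners(netstat_text, port=1434):
    """Return (address, label) for each UDP socket bound to exactly `port`."""
    found = []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 2 or fields[0].upper() != "UDP":
            continue
        host, _, local_port = fields[1].rpartition(":")
        if local_port != str(port):
            continue              # skips 14340 and other substring matches
        host = host.strip("[]").split("%")[0]   # tolerate [v6%scope] notation
        found.append((host, classify(host)))
    return found

if __name__ == "__main__":
    for addr, label in udp_1434_listeners(SAMPLE):
        print(f"{addr:<16} {label}")
```

198.51.100.7 is a documentation address used here as a stand-in for a public IP.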
               


