[unisog] earlier report of SQL slapper worm

Tom Perrine tep at sdsc.edu
Tue Jan 28 21:36:12 GMT 2003


>>>>> On Tue, 28 Jan 2003 10:39:32 -0800, Peter Van Epp <vanepp at sfu.ca> said:

    PVE> 	I'm currently scanning our argus logs from months past for accesses on 
    PVE> 1433 and 1434 to see if I can see probes of the 5 machines that were hit here. 
    PVE> Most of the hits on our machines occurred in the first 2 minutes of the attack 
    PVE> which makes me think that the machines were pretargeted and seeded into one 
    PVE> or more attack machines. I'd encourage anyone else with historic argus logs to 
    PVE> also look back and see what we can see ...

Being hit in the first 2 minutes doesn't mean that you were in the
"hit list".  It seems to have hit 100K+ machines in the first 5
minutes.

I think that CAIDA will have some analysis up Real Soon Now.

--tep

-- 
Tom E. Perrine <tep at SDSC.EDU> | San Diego Supercomputer Center 
http://www.sdsc.edu/~tep/     | 


