[unisog] earlier report of SQL slapper worm
tep at sdsc.edu
Tue Jan 28 21:36:12 GMT 2003
>>>>> On Tue, 28 Jan 2003 10:39:32 -0800, Peter Van Epp <vanepp at sfu.ca> said:
PVE> I'm currently scanning our argus logs from months past for accesses on
PVE> 1433 and 1434 to see if I can see probes of the 5 machines that were hit here.
PVE> Most of the hits on our machines occurred in the first 2 minutes of the attack
PVE> which makes me think that the machines were pretargetted and seeded into one
PVE> or more attack machines. I'd encourage anyone else with historic argus logs to
PVE> also look back and see what we can see ...
Being hit in the first 2 minutes doesn't mean that yoou were in the
"hit list". It seems to have hit 100K+ machines in the first 5
I think that CAIDA will have some analysis up Real Soon Now.
Tom E. Perrine <tep at SDSC.EDU> | San Diego Supercomputer Center
More information about the unisog