[unisog] udp port 1434 worm?

Phil.Rodrigues at uconn.edu Phil.Rodrigues at uconn.edu
Sat Jan 25 15:39:12 GMT 2003


We had 10-ish systems compromised so far, and their outbound scanning 
traffic was enough to nearly cripple our outbound Internet link.

First write-up I've seen on "MS Sapphire":  (named after the gin, which 
coincidentally I also had too many of last night)

http://www.eeye.com/html/Research/Flash/AL20030125.html

Phil

=======================================
Philip A. Rodrigues
Network Analyst, UITS
University of Connecticut

email: phil.rodrigues at uconn.edu
phone: 860.486.3743
fax: 860.486.6580
web: http://www.security.uconn.edu
=======================================





Rich Graves <rcgraves at brandeis.edu>
01/25/2003 02:41 AM

 
        To:     unisog at sans.org
        cc: 
        Subject:        [unisog] udp port 1434 worm?


anyone isolated it yet? we've yanked a half dozen machines in the last 2
hours. all seem to be windoze, possibly related to ms-sql server.

given the unusual lag we're seeing on internet2 i'm assuming this is a
shared experience.
-- 
Rich Graves <rcgraves at brandeis.edu>
UNet Systems Administrator






More information about the unisog mailing list