[unisog] MS-SQL Zombie DDoS

cam {Cam Beasley, ISO} cam at forum.utexas.edu
Mon Jan 27 17:40:28 GMT 2003

More MSDE2000 apps that are potentially vulnerable (not certain
that all are network aware)..


Also, we have confirmed an infected host targeting 1433/tcp..


Cam Beasley
ITS/Information Security Office
The University of Texas at Austin

%>-----Original Message-----
%>From: James Van Houten [mailto:jvanhouten at loyola.edu] 
%>Sent: Saturday, 25 January, 2003 17:35
%>To: unisog at sans.org
%>Subject: Re: [unisog] MS-SQL Zombie DDoS
%>Cam and the group:
%>You might also find
%>We received our first UDP port 1434 probe at 00:30:05 EST.
%>Looks like it might also be causing trouble with the Cisco
%>netflow bug.
%>Check out the link.
%>If anyone has logs of UDP port 1434 sourced from our net
%>( please drop us a note.
%>James D. Van Houten
%>Sr. Security Engineer / Consultant
%>Loyola College in Maryland
%>KH-105, +1.443.324.5899
%>>>> "cam {Cam Beasley, ISO}" <cam at forum.utexas.edu> 01/25/03 16:13 PM
%>Colleagues --
%>At approximately 23:30 24-Jan-2003 CST, MS-SQL
%>zombies rose up, creating a DDoS on port 1434/udp..
%>We've seen zombie hosts from dozens of ISPs..
%>More information on the SQL buffer overflow and
%>exploits can be read here:
%>Cam Beasley
%>ITS/Information Security Office
%>The University of Texas at Austin
