new SQL DOS worm

Printable View

January 25th, 2003, 01:55 PM
mohaughn

new SQL DOS worm

This is not a new vulnerability, but there is a new worm/virus that is exploiting it. THe vulnerability is MS02-039.

http://www.microsoft.com/technet/tre...n/ms02-039.asp

http://www.cnn.com/2003/TECH/interne....ap/index.html

I'll try to post more info once it is available.

More , they are calling it SQLSlammer.

http://vil.nai.com/vil/content/v_99992.htm.
http://securityresponse.symantec.com...lexp.worm.html

Luckily I was all patched with the machines I manage. Some of my coworkers were not so lucky. Of course I did get a 4am wake up call to check everything out.

Blocking port 1434 on your firewall is the quick and easy fix, but you should really install the patch, because once it is inside your firewall, it will wreak havoc on your network.
January 25th, 2003, 09:05 PM
neel

rioter:
http://www.antionline.com/showthread...hreadid=239119
and dislex:
http://www.antionline.com/showthread...hreadid=239123

both beat you in time ;)
January 25th, 2003, 09:06 PM
sambeckett

Internet Security systems Security Alert
http://bvlive01.iss.net/issEn/delive....jsp?oid=21824

Ongoing community feedback
http://www.issadvisor.com/
January 25th, 2003, 10:08 PM
neel

Quote:

DISLEX did not post before him (rioter did i agree)

Quote:

MASSIVE internet DDOS attacks.... posted Today 11:41 AM

Quote:

new SQL DOS worm posted Today 01:55 PM

According to the timestamps on the posts, dislex did post before mohaughn. Rioter was the first of all.
January 27th, 2003, 08:41 PM
mohaughn

I did not realize we were racing to post info. I was just sharing what I knew so that other people had the info.. I would have replied to the other posts, but given that this was a security issue in a Microsoft product I felt that this was the proper forum, not general chit-chat.

After all, the description for general chit-chat says you can discuss anything you like there, as long as it doesn't belong in a different forum.