[MLB-WIRELESS] Fw: AusCERT Update AU-2003.002 - "Slammer" Worm Causing Wide Spread DDoS Effect
Steven Haigh
netwiz at optusnet.com.au
Sun Jan 26 01:19:39 EST 2003
And the official AusCERT notification...
Signed,
Steven Haigh
http://wireless.org.au
(Visit https://wireless.org.au to install our Root Certificate.)
You can lead a fool to wisdom but you can't make him think.
----- Original Message -----
From: <auscert at auscert.org.au>
To: <auscert-subscriber at auscert.org.au>
Sent: Sunday, January 26, 2003 1:07 AM
Subject: AusCERT Update AU-2003.002 - "Slammer" Worm Causing Wide Spread DDoS Effect
> -----BEGIN PGP SIGNED MESSAGE-----
>
> AusCERT Update AU-2003.002 - "Slammer" Worm Causing Wide Spread DDoS Effect
> 25 January 2003
>
> This AusCERT Update is to draw your attention to the recent and on-going
> DDoS (Distributed Denial of Service) which is having widespread effect on
> the internet.
>
> An internet worm, nicknamed 'Slammer', is currently propagating via MS-SQL
> servers vulnerable to the buffer overrun issue in MS-SQL Server 2000
> Resolution Service, as described in Microsoft Security Bulletin MS02-039.
>
> This worm propagates by scanning for vulnerable servers using UDP port
> 1434. Upon a server becoming compromised, the worm loads its instructions
> into memory and begins scanning randomly for further propagation. While
> current analysis of the worm indicates that there is no malicious payload,
> the scanning activity produced by a compromised host can easily cause a
> denial of service attack due to the high rate of outbound UDP packets.
>
> AusCERT has received reports from Australian and international sites
> indicating a widespread DDoS effect. One site has reported that a single
> compromised host has saturated an 8Mb/s internet connection.
>
> Major ISPs internationally are in the process of blocking UDP/1434 traffic
> both inbound and outbound in an attempt to mitigate the effects of this
> worm.
>
> AusCERT encourages members to apply relevant patches to their MS-SQL
> servers, and additionally consider filtering any unnecessary UDP/1434
> traffic at their border routers and firewalls.
>
> AusCERT will distribute further information as it becomes available.
>
>
> REFERENCES:
>
> Microsoft Security Bulletin MS02-039
> http://www.microsoft.com/technet/security/bulletin/MS02-039.asp
> http://www.auscert.org.au/render.html?it=2216
>
> ESB-2002.368 -- CERT Advisory CA-2002-22 -- Multiple Vulnerabilities
> in Microsoft SQL Server
> http://www.auscert.org.au/render.html?it=2220
>
>
> Regards,
>
> The AusCERT Team
>
>
> ===========================================================================
> Australian Computer Emergency Response Team
> The University of Queensland
> Brisbane
> Qld 4072
>
> Internet Email: auscert at auscert.org.au
> Facsimile: (07) 3365 7031
> Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
> AusCERT personnel answer during Queensland business hours
> which are GMT+10:00 (AEST).
> On call after hours for member emergencies only.
>
> ===========================================================================
>
> -----BEGIN PGP SIGNATURE-----
> Version: 2.6.3i
> Charset: noconv
> Comment: http://www.auscert.org.au/render.html?it=1967
>
> iQCVAwUBPjMkeih9+71yA2DNAQH5uwQAm1OQTdN6vDcd3P7a0/9aZc7KhvxU4TI4
> vcXuWqz2PU+NfP+YzFO+a1iLiXYG3JPV1b5j50owXZylSe7YM1KWv5c0K4VTwnIf
> 3OVgS7DAjLXy0UxT0F4WxXoY+YU82uM1GZIJunI9G4XqLSK/PlSwTSRDNYX+53l6
> nkls6QIbp4E=
> =RIHA
> -----END PGP SIGNATURE-----
>
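
The advisory above describes a compromised host scanning randomly on UDP port 1434 at a high outbound rate. The following is an added example, not part of the original post or of AusCERT's advisory: a sketch that flags internal hosts fanning out to many distinct destinations on UDP/1434. The flow-log format, the 10.0.0.0/8 internal range, the window and the threshold are all assumptions, and the sample data is constructed.

```python
import ipaddress
from collections import defaultdict

MSSQL_RESOLUTION_PORT = 1434   # UDP port named in the advisory
WINDOW_SECONDS = 10            # assumed bucketing interval
MAX_DISTINCT_DSTS = 50         # assumed threshold; tune per network
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")  # assumed internal range

def parse_flow(line):
    """Parse 'epoch proto src dst dport' (hypothetical format); None if malformed."""
    parts = line.split()
    if len(parts) != 5:
        return None
    try:
        ts, dport = int(parts[0]), int(parts[4])
        src = ipaddress.ip_address(parts[2])
        dst = ipaddress.ip_address(parts[3])
    except ValueError:
        return None
    return ts, parts[1].lower(), src, dst, dport

def find_scanners(lines, internal_net=INTERNAL_NET):
    """Return {src: (window_start, distinct_dsts)} for internal UDP/1434 fan-out."""
    fanout = defaultdict(set)  # (src, window_start) -> distinct destinations
    for line in lines:
        rec = parse_flow(line)
        if rec is None:
            continue  # skip malformed records rather than abort the run
        ts, proto, src, dst, dport = rec
        if proto != "udp" or dport != MSSQL_RESOLUTION_PORT:
            continue
        if src not in internal_net:
            continue  # only outbound traffic from our own hosts is of interest
        fanout[(str(src), ts - ts % WINDOW_SECONDS)].add(str(dst))
    flagged = {}
    for (src, window), dsts in sorted(fanout.items()):
        # Report the first window in which a host exceeds the threshold.
        if len(dsts) > MAX_DISTINCT_DSTS and src not in flagged:
            flagged[src] = (window, len(dsts))
    return flagged

def build_sample():
    """Constructed flows: one noisy host, one normal SQL client, unrelated DNS."""
    lines = [f"1043500001 udp 10.0.0.5 198.51.100.{i + 1} 1434" for i in range(200)]
    lines += [f"{1043500000 + i} udp 10.0.0.9 10.0.0.20 1434" for i in range(5)]
    lines += ["1043500002 udp 10.0.0.9 10.0.0.53 53", "garbage line"]
    return lines

if __name__ == "__main__":
    for src, (window, count) in find_scanners(build_sample()).items():
        print(f"{src}: {count} distinct UDP/1434 destinations from t={window}")
```

A legitimate client that repeatedly queries one SQL server stays under the threshold because only distinct destinations are counted.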