Linux Users' Group of Davis
L U G O D
 
Page last updated:
2003 Jan 25 16:14

The following is an archive of a post made to our 'vox mailing list' by one of its subscribers.

Re: [vox] OT: Hole in MS SQL server (unpatched)



on Sat, Jan 25, 2003 at 08:56:23AM -0800, Rod Roark (rod@sunsetsystems.com) wrote:
> On Saturday 25 January 2003 08:32 am, ME wrote:
> > *Ohhhhh* *This* certainly is a security announcement for *this* list. ;-)
> >
> > With subject titles like
> > "MS SQL WORM IS DESTROYING INTERNET BLOCK PORT 1434!"
> >
> > I am mildly amused... Part of me wants to reply to a post and suggest: "In
> > order to decrease risk for this attack, it is suggested that you upgrade
> > from MS Windows to a Linux system such as Debian Linux with either
> > Postgresql or mySQL."
> >
> > http://online.securityfocus.com/archive/1/308306
> >
> > Heheh heheh.. I write this to the list for two reasons:
> > 1) Humor (Most of us are running Linux, and can pause to laugh)
> > 2) So you can know why you might see excessive hits on a port if you
> > monitor port scans for services.

> Yeah, I logged 151 scans of that port in the wee hours
> today. All from different sources.
> 
> Given the timing and ease of fending off the attack, the
> main impact seems to be drawing attention to the severity of
> vulnerabilities in MS servers. One has to wonder if that was
> the intent, and if so, for what reason.

The main impact was somewhat more pronounced than that:

    http://average.matrix.net/ 

My take is that either load on routers (which took a lot of UDP hits)
was significant, or routers were deliberately disabled (at least
temporarily) in an attempt to halt the spread of the worm.

Several friends have noted that routing has been seriously disrupted,
though this may actually predate the MSSQL worm.  One thought is that
some ISPs may backend their DNS on MS SQL.  That's sourced straight out
of /dev/ass, anyone know if there might be some merit to this
hypothesis?

Peace.

-- 
Karsten M. Self <kmself@ix.netcom.com>        http://kmself.home.netcom.com/
 What Part of "Gestalt" don't you understand?
   Geek for hire:  http://kmself.home.netcom.com/resume.html
_______________________________________________
vox mailing list
vox@lists.lugod.org
http://lists.lugod.org/mailman/listinfo/vox


