New worm / port 1434?
Mike Tancsa
mike at sentex.net
Sat Jan 25 08:50:05 UTC 2003
At 02:45 AM 1/25/2003 -0600, Jack Bates wrote:
>From: "Mike Tancsa"
>
> >
> >
> > Yes, I am seeing this big time. Are you sure its SQL server ? Thats
> > normally 1433 no ? Are there any other details somewhere about this ?
> >
><snip>
>
>All MS SQL servers listen to 1434 reguardless of the other ports they listen
>on. Depending on configuration depends on what other ports it uses (due to
>various security models), but 1434 is a constant in all configurations
>according to a quick search and a read on the last MS SQL vulnerability
>found in 7/2002.
Thanks, I have blocked the infected hosts in my customer colo space. Its
an eye opener how much traffic they generate on the local collision domain
they are on :-(
---Mike
--------------------------------------------------------------------
Mike Tancsa, tel +1 519 651 3400
Sentex Communications, mike at sentex.net
Providing Internet since 1994 www.sentex.net
Cambridge, Ontario Canada www.sentex.net/mike
More information about the NANOG
mailing list