New worm / port 1434?

• Previous message (by thread): New worm / port 1434?
• Next message (by thread): New worm / port 1434?
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

For those that are interested, here are a couple disassemblies of the
worm.
At least it was a non-persistant worm and didn't also damage the MSSQL
servers.
Could have been much worse... We could all not only be filtering routers
And cleaning up switches, we could also be explaining to customers why
their
Entire database of "stuff" disappeared or was stolen...


http://www.digitaloffense.net/worms/mssql_udp_worm/NOTES.TXT
http://www.boredom.org/~cstone/worm-annotated.txt
http://www.snafu.freedom.org/tmp/1434-probe.txt

Marcos
--
mdella at cstone.com | http://www.geekstyle.net



-----Original Message-----
From: Peter van Dijk [mailto:peter at dataloss.nl] 
Sent: Saturday, January 25, 2003 3:35 AM
To: Avleen Vig; nanog at nanog.org
Subject: Re: New worm / port 1434?



On Sat, Jan 25, 2003 at 08:05:33AM +0000, Gary Coates wrote:
> 
> Duplicated info.. But this is an old worm ;-(
> 
> http://www.cert.org/advisories/CA-1996-01.html

This is not the worm that's spreading now.

Greetz, Peter
-- 
peter at dataloss.nl  |  http://www.dataloss.nl/  |  Undernet:#clue

• Previous message (by thread): New worm / port 1434?
• Next message (by thread): New worm / port 1434?
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]