Educause Security Discussion mailing list archives
new outbreak of Slammer?
From: Scott Genung <sagenung () ILSTU EDU>
Date: Wed, 25 Aug 2004 10:28:22 -0500
All, We are seeing large volumes of DoS traffic originating from what appears to be a new outbreak of Slammer. It all started around 4:30p yesterday afternoon and has doubled our inbound Internet volume. We are effectively blocking this traffic at the edge our network through filters and IPS. Anyone else seeing this? Below is one page of the logs we see on our IPS. Hit Count Time Name Category Type Src. Addr. Src. Port Dst. Addr. Dst. Port Device Segment Severity Trace 1 08/25/2004 09:58:25 AM 1456: MS-SQL: Slammer-Sapphire Worm Attacks - Exploits Block 4.4.43.20 2656 138.87.205.1 1434 stv7Dips1 STV-GW Critical 0 1 08/25/2004 09:54:43 AM 1456: MS-SQL: Slammer-Sapphire Worm Attacks - Exploits Block 4.4.43.20 2656 138.87.88.42 1434 stv7Dips1 STV-GW Critical 0 1 08/25/2004 09:59:09 AM 1456: MS-SQL: Slammer-Sapphire Worm Attacks - Exploits Block 4.4.117.112 1038 138.87.209.231 1434 stv7Dips1 STV-GW Critical 0 1 08/25/2004 10:07:25 AM 1456: MS-SQL: Slammer-Sapphire Worm Attacks - Exploits Block 4.7.201.213 1421 138.87.10.94 1434 stv7Dips1 STV-GW Critical 0 1 08/25/2004 09:55:33 AM 1456: MS-SQL: Slammer-Sapphire Worm Attacks - Exploits Block 4.7.201.213 1421 138.87.119.0 1434 stv7Dips1 STV-GW Critical 0 1 08/25/2004 10:08:47 AM 1456: MS-SQL: Slammer-Sapphire Worm Attacks - Exploits Block 4.7.201.213 1421 138.87.253.215 1434 stv7Dips1 STV-GW Critical 0 1 08/25/2004 10:15:54 AM 1456: MS-SQL: Slammer-Sapphire Worm Attacks - Exploits Block 4.10.128.176 1049 138.87.135.161 1434 stv7Dips1 STV-GW Critical 0 1 08/25/2004 09:58:01 AM 1456: MS-SQL: Slammer-Sapphire Worm Attacks - Exploits Block 4.10.128.176 1049 138.87.115.126 1434 stv7Dips1 STV-GW Critical 0 1 08/25/2004 09:57:33 AM 1456: MS-SQL: Slammer-Sapphire Worm Attacks - Exploits Block 4.10.167.4 3471 138.87.69.121 1434 stv7Dips1 STV-GW Critical 0 1 08/25/2004 10:02:58 AM 1456: MS-SQL: Slammer-Sapphire Worm Attacks - Exploits Block 4.10.167.4 3471 138.87.51.74 1434 stv7Dips1 STV-GW Critical 0 1 08/25/2004 09:56:13 AM 1456: MS-SQL: Slammer-Sapphire Worm Attacks - Exploits Block 4.10.167.4 3471 138.87.200.43 1434 stv7Dips1 STV-GW Critical 0 1 08/25/2004 10:11:36 AM 1456: MS-SQL: Slammer-Sapphire Worm Attacks - Exploits Block 4.10.167.4 3471 138.87.233.99 1434 stv7Dips1 STV-GW Critical 0 1 08/25/2004 10:08:01 AM 1456: MS-SQL: Slammer-Sapphire Worm Attacks - Exploits Block 4.10.167.4 3471 138.87.14.215 1434 stv7Dips1 STV-GW Critical 0 1 08/25/2004 09:55:57 AM 1456: MS-SQL: Slammer-Sapphire Worm Attacks - Exploits Block 4.10.167.4 3471 138.87.175.130 1434 stv7Dips1 STV-GW Critical 0 1 08/25/2004 09:51:16 AM 1456: MS-SQL: Slammer-Sapphire Worm Attacks - Exploits Block 4.11.254.155 3377 138.87.164.144 1434 stv7Dips1 STV-GW Critical 0 1 08/25/2004 10:08:31 AM 1456: MS-SQL: Slammer-Sapphire Worm Attacks - Exploits Block 4.11.254.155 3377 138.87.160.85 1434 stv7Dips1 STV-GW Critical 0 1 08/25/2004 10:05:58 AM 1456: MS-SQL: Slammer-Sapphire Worm Attacks - Exploits Block 4.16.224.138 2827 138.87.72.48 1434 stv7Dips1 STV-GW Critical 0 1 08/25/2004 10:15:09 AM 1456: MS-SQL: Slammer-Sapphire Worm Attacks - Exploits Block 4.34.132.171 3363 138.87.254.30 1434 stv7Dips1 STV-GW Critical 0 1 08/25/2004 09:53:01 AM 1456: MS-SQL: Slammer-Sapphire Worm Attacks - Exploits Block 4.34.132.171 3363 138.87.207.129 1434 stv7Dips1 STV-GW Critical 0 1 08/25/2004 10:01:23 AM 1456: MS-SQL: Slammer-Sapphire Worm Attacks - Exploits Block 4.46.99.0 1461 138.87.228.10 1434 stv7Dips1 STV-GW Critical 0 1 08/25/2004 10:02:16 AM 1456: MS-SQL: Slammer-Sapphire Worm Attacks - Exploits Block 4.46.99.0 1461 138.87.192.137 1434 stv7Dips1 STV-GW Critical 0 1 08/25/2004 10:07:00 AM 1456: MS-SQL: Slammer-Sapphire Worm Attacks - Exploits Block 4.46.99.0 1461 138.87.12.4 1434 stv7Dips1 STV-GW Critical 0 1 08/25/2004 09:51:31 AM 1456: MS-SQL: Slammer-Sapphire Worm Attacks - Exploits Block 4.46.99.0 1461 138.87.17.4 1434 stv7Dips1 STV-GW Critical 0 1 08/25/2004 10:10:23 AM 1456: MS-SQL: Slammer-Sapphire Worm Attacks - Exploits Block 4.47.238.235 3101 138.87.231.144 1434 stv7Dips1 STV-GW Critical 0 1 08/25/2004 10:05:59 AM 1456: MS-SQL: Slammer-Sapphire Worm Attacks - Exploits Block 4.47.238.235 3101 138.87.119.9 1434 stv7Dips1 STV-GW Critical 0 1 08/25/2004 09:58:28 AM 1456: MS-SQL: Slammer-Sapphire Worm Attacks - Exploits Block 4.47.238.235 3101 138.87.38.119 1434 stv7Dips1 STV-GW Critical 0 1 08/25/2004 09:59:21 AM 1456: MS-SQL: Slammer-Sapphire Worm Attacks - Exploits Block 4.47.238.235 3101 138.87.214.43 1434 stv7Dips1 STV-GW Critical 0 1 08/25/2004 10:03:59 AM 1456: MS-SQL: Slammer-Sapphire Worm Attacks - Exploits Block 4.47.238.235 3101 138.87.185.96 1434 stv7Dips1 STV-GW Critical 0 1 08/25/2004 10:01:50 AM 1456: MS-SQL: Slammer-Sapphire Worm Attacks - Exploits Block 4.47.238.235 3101 138.87.76.24 1434 stv7Dips1 STV-GW Critical 0 1 08/25/2004 10:04:17 AM 1456: MS-SQL: Slammer-Sapphire Worm Attacks - Exploits Block 4.47.238.235 3101 138.87.98.155 1434 stv7Dips1 STV-GW Critical 0 1 08/25/2004 09:56:44 AM 1456: MS-SQL: Slammer-Sapphire Worm Attacks - Exploits Block 4.60.48.218 4879 138.87.190.87 1434 stv7Dips1 STV-GW Critical 0 1 08/25/2004 09:56:53 AM 1456: MS-SQL: Slammer-Sapphire Worm Attacks - Exploits Block 4.60.48.218 4879 138.87.149.229 1434 stv7Dips1 STV-GW Critical 0 1 08/25/2004 10:01:36 AM 1456: MS-SQL: Slammer-Sapphire Worm Attacks - Exploits Block 4.60.48.218 4879 138.87.158.18 1434 stv7Dips1 STV-GW Critical 0 1 08/25/2004 10:13:09 AM 1456: MS-SQL: Slammer-Sapphire Worm Attacks - Exploits Block 4.60.48.218 4879 138.87.239.251 1434 stv7Dips1 STV-GW Critical 0 Scott Genung Manager of Networking Systems Telecommunications and Networking Illinois State University 124 Julian Hall Normal, IL 61790-3500 Phone: (309)438-7258 Web: http://www.tel.ilstu.edu ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/cg/.
Current thread:
- new outbreak of Slammer? Scott Genung (Aug 25)
- <Possible follow-ups>
- Re: new outbreak of Slammer? Doug Pearson (Aug 25)