Security Incidents mailing list archives
Re: Increased activity on UDP/1434
From: "Sam Evans" <sam () neuroflux com>
Date: Sat, 25 Jan 2003 07:32:36 -0700
It's a new MS-SQL Worm that, from what I have been reading, is taking advantage of the following vulnerability: http://www.nextgenss.com/advisories/mssql-udp.txt We have seen an enormous amount of this traffic as of 1:09 AM (GMT -7) -Sam ----- Original Message ----- From: "Dmitri Smirnov" <Dmitri.Smirnov () fusepoint com> To: <incidents () securityfocus com> Sent: Saturday, January 25, 2003 12:05 AM Subject: Increased activity on UDP/1434 Having a big number of connections on UDP/1434 from a random IPs in Internet on a different networks. One hour ago (22:00 PST) one server in colo space started to initiate a hundreds of connection per second to diff. hosts on Internet to port UDP/1434 (isolated). New worms? DDoS? Is anyone experience the same? Dmitri Smirnov, SSCP Security Team Fusepoint Managed Services Inc. Suite 2323, Three Bentall Centre 595 Burrard Street P.O. Box 49336 Vancouver B.C. V7X 1L4 Phone: (604) 687-7757 Fax: (604) 687-7761 Email: Dmitri.Smirnov () fusepoint com ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- Increased activity on UDP/1434 Dmitri Smirnov (Jan 25)
- Re: Increased activity on UDP/1434 Sam Evans (Jan 26)
- Re: Increased activity on UDP/1434 Dejan (Jan 26)
- Re: Increased activity on UDP/1434 Dave Aitel (Jan 26)
- <Possible follow-ups>
- Re: Increased activity on UDP/1434 slswick (Jan 26)