Full Disclosure mailing list archives
Re: RE: MS SQL WORM IS DESTROYING INTERNET BLOCK PORT 1434!
From: Henrik Lund Kramshøj <hlk () kramse dk>
Date: Sun, 26 Jan 2003 14:14:33 +0100
On søndag, jan 26, 2003, at 06:52 Europe/Copenhagen, Schmehl, Paul L wrote:
Cyberterrorism???? Getting a bit hyped up, aren't we? It's just another stupid worm.
No, I dont think so Why do you consider it terrorism only when people are hurt directly? In Denmark where I live and many other countries monetary damage is being acted upon even more harsh than "just maiming/hurting" peopleNote that I dont say this is right, but in many places the punishment for
stealing somebodys property is harsher than if you hurt them physically - especially if you're drunk, people get away with murder by car etc. SO, the point is - was the damage caused big enough to consider this terrorism? Close call, but I dont think so, since the payload was rathernon-malicious and the real effect was a side effect. Had it been 376 byte
worm and 124 bytes HARMFULL code then I would consider this an act of cyberterrorism - even though the actual target in that case would be hard to predict. we hear quotes like:Starting 06:30 UTC ( 00:30 EST ) on Saturday Jan 25th 2003, worldwide traffic for port 1434 UDP increased rapidly causing major Internet links to fail. ISPs responded quickly by blocking port 1434. While traffic is still strong in some areas. It dropped to about 5% of peak globally.
Single ms-sql servers have been reported to generate traffic in excess of 50 MBit/sec. after being infected.
Keystone's Internet Health report is still reporting a link degradation: http://www1.internetpulse.net/ As a result of degraded links, root DNS servers and other resources have been unavailable at times.
"This has effectively disabled 5 of the 13 root nameservers." ------------------I would rate this quite serious, but thanks to the quick response from the network operators the people who should know this and update their servers in the future
WONT learn*sheeez* they already had the example of SQLsnake worm and Code Red, but STILL didnt do anything about this vuln, or even firewalled the port in the first place.
Best regards -- Henrik Lund Kramshøj hlk@{kramse.dk|inet6.dk|sikkerhedsforum.dk|security6.org} Please read email policy at http://www.kramse.dk/email _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Re: RE: MS SQL WORM IS DESTROYING INTERNET BLOCK PORT 1434!, (continued)
- Re: RE: MS SQL WORM IS DESTROYING INTERNET BLOCK PORT 1434! madsaxon (Jan 25)
- Re: RE: MS SQL WORM IS DESTROYING INTERNET BLOCK PORT 1434! Nick Jacobsen (Jan 26)
- Re: RE: MS SQL WORM IS DESTROYING INTERNET BLOCK PORT 1434! madsaxon (Jan 25)
- RE: MS SQL WORM IS DESTROYING INTERNET BLOCK PORT 1434! Greg A. Woods (Jan 25)
- RE: MS SQL WORM IS DESTROYING INTERNET BLOCK PORT 1434! moksha faced (Jan 27)
- RE: MS SQL WORM IS DESTROYING INTERNET BLOCK PORT 1434! Jason Coombs (Jan 27)
- Re: MS SQL WORM IS DESTROYING INTERNET BLOCK PORT 1434! Albert Sunseri (Jan 27)
- RE: Re: MS SQL WORM IS DESTROYING INTERNET BLOCK PORT 1434! Brett Moore (Jan 27)
- Re: MS SQL WORM IS DESTROYING INTERNET BLOCK PORT 1434! Erik Enge (Jan 28)
- Re: Re: MS SQL WORM IS DESTROYING INTERNET BLOCK PORT 1434! David Howe (Jan 28)
- RE: Re: MS SQL WORM IS DESTROYING INTERNET BLOCK PORT 1434! Brett Moore (Jan 27)
- RE: RE: MS SQL WORM IS DESTROYING INTERNET BLOCK PORT 1434! Schmehl, Paul L (Jan 26)
- Re: RE: MS SQL WORM IS DESTROYING INTERNET BLOCK PORT 1434! Henrik Lund Kramshøj (Jan 26)
- Re: RE: MS SQL WORM IS DESTROYING INTERNET BLOCK PORT 1434! Blue Boar (Jan 26)
- Re: RE: MS SQL WORM IS DESTROYING INTERNET BLOCK PORT 1434! Ka (Jan 26)
- Re: RE: MS SQL WORM IS DESTROYING INTERNET BLOCK PORT 1434! Henrik Lund Kramshøj (Jan 26)
- RE: RE: MS SQL WORM IS DESTROYING INTERNET BLOCK PORT 1434! Ron DuFresne (Jan 26)
- RE: MS SQL WORM IS DESTROYING INTERNET BLOCK PORT 1434! jmcguire (Jan 26)
- RE: RE: MS SQL WORM IS DESTROYING INTERNET BLOCK PORT 1434! Schmehl, Paul L (Jan 26)
- RE: RE: MS SQL WORM IS DESTROYING INTERNET BLOCK PORT 1434! hellNbak (Jan 26)
- RE: RE: MS SQL WORM IS DESTROYING INTERNET BLOCK PORT 1434! Ron DuFresne (Jan 27)
- RE: RE: MS SQL WORM IS DESTROYING INTERNET BLOCK PORT 1434! Schmehl, Paul L (Jan 26)
- RE: RE: MS SQL WORM IS DESTROYING INTERNET BLOCK PORT 1434! hellNbak (Jan 27)
- Re: RE: MS SQL WORM IS DESTROYING INTERNET BLOCK PORT 1434! Nick Jacobsen (Jan 27)
- RE: RE: MS SQL WORM IS DESTROYING INTERNET BLOCK PORT 1434! hellNbak (Jan 27)