Security Incidents mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Increased activity on UDP/1434

From: "Dejan" <sneaker () freemail org mk>
Date: Sat, 25 Jan 2003 15:44:23 +0100
It is an MsSql Worm spreading very fast.
Blocking UDP/1434 and patching Sql2000 servers that have public IP's
will solve the problem.
Link for the microsofts fix:
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/
bulletin/MS02-039.asp


deJan



----- Original Message -----
From: "Dmitri Smirnov" <Dmitri.Smirnov () fusepoint com>
To: <incidents () securityfocus com>
Sent: Saturday, January 25, 2003 8:05 AM
Subject: Increased activity on UDP/1434



Having a big number of connections on UDP/1434 from a random IPs in
Internet on
a different networks. One hour ago (22:00 PST) one server in colo space
started to initiate
a hundreds of connection per second to diff. hosts on Internet to port
UDP/1434 (isolated).
New worms? DDoS? Is anyone experience the same?


Dmitri Smirnov, SSCP
Security Team
Fusepoint Managed Services Inc.
Suite 2323, Three Bentall Centre
595 Burrard Street
P.O. Box 49336
Vancouver B.C. V7X 1L4
Phone: (604) 687-7757
Fax: (604) 687-7761
Email: Dmitri.Smirnov () fusepoint com


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com




----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com
Previous By Date Next
Previous By Thread Next

Current thread: