On Sat, Jan 25, 2003 at 11:21:14AM +0100 Alex Bik(alex at bit.nl) wrote:
On Sat, 25 Jan 2003, Arien Vijn wrote:
It seems to be no DoS attack.
No DoS attack?
It seems to be a worm with the effect of a DoS attack. So DoS is the result, but it's not really an attack. The huge bandwidth consumption with small packets causes problems at the source rather than at the destination. More or less like Code Red, but far worse and without a fixed destination address.
It's a full-blown Microsoft-powered DoS. I just spoke to Joris de Mooij from Tiscali; blocking ports 1433 and 1434 on both UDP and TCP seems to be the remedy. It's a worm based on multiple buffer overruns in the MS SQL Server.

More info on:
- http://www.intelenet.net/news/mssql-udp.txt (from nanog)
- http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/...

For those having trouble, good luck!

Tycho

--
Tycho Eggen
(Unix|Network|Social) Engineer
tycho at e-dude.org
+31 6 41 824 855

"Don't worry over what other people are thinking about you."
"They're too busy worrying over what you are thinking about them."