MS SQL Server Worm Wreaking Havoc

[BearCat]

Copied from www.slashdot.org

Quote:

Since about midnight EST almost every host on the internet has been receiving a 376 byte UDP payload on port ms-sql-m (1434) from a random infected server.
Reports of some hosts receiving 10 per minute or more. internetpulse.net is reporting UUNet and Internap are being hit very hard.
This is the cause of major connectivity problems being experienced worldwide. It is believed this worm leverages a vulnerability
published in June 2002. Several core routers have taken to blocking port 1434 outright.
If you run Microsoft SQL Server, make sure the public internet can't access it. If you manage a gateway, consider dropping UDP
packets sent to port 1434." bani adds "This has effectively disabled 5 of the 13 root nameservers."

For more info, vistt http://www.internetpulse.net/

Edit :
Actually it seems like UUNET / PIPEX has been having this problem for some time, according to a tracreoute yesterday,
showing a BIG delay at UUNET / PIPEX suddenly showing up.

[PcDad]

Yep... this from no-ip.com:

Code:

No-IP.com Network status update:
The Level(3) network, as well as many other internet providers are currently under a distributed denial of service (DDOS) attack based on a MS SQL exploit. The Level(3) network engineers are currently focusing all efforts on this issue. We will keep you posted as to the status of this issue.

Currently web redirects and access to the No-IP website is affected. Update clients will most likely receive a connection failed warning.

[Grzyb]

Quote:

No-IP.com Network status update:
The Level(3) network, as well as many other internet providers are currently under a distributed denial of service (DDOS) attack based on a MS SQL exploit. The Level(3) network engineers are currently focusing all efforts on this issue. We will keep you posted as to the status of this issue.

Currently web redirects and access to the No-IP website is affected. Update clients will most likely receive a connection failed warning.

DNS resolution is available via our remote site as well as the spooling of mail.

There is now an article posted on slashdot.org regarding this issue. Here is the posting:

"Since about midnight EST almost every host on the internet has been receiving a 376 byte UDP payload on port ms-sql-m (1434) from a random infected server. Reports of some hosts receiving 10 per minute or more. internetpulse.net is reporting UUNet and Internap are being hit very hard. This is the cause of major connectivity problems being experienced worldwide. It is believed this worm leverages a vulnerability published in June 2002. Several core routers have taken to blocking port 1434 outright. If you run Microsoft SQL Server, make sure the public internet can't access it. If you manage a gateway, consider dropping UDP packets sent to port 1434." bani adds "This has effectively disabled 5 of the 13 root nameservers."

Last updated: Jan 25, 04:51 PDT

Looks like a biggie

I use No-ip as my re-director....So I'm sk****d until they resolve it....

[BearCat]

Raise your hands, anyone who thinks MS is using their own products, without patching it

I can log on to MS Messenger using my *.@hotmail.com account, but when I try using my
*@msn.com account to log on, either to Messenger or to my mailbox,
the .Net services gives me this :

[Nichotin]

what a pity. i guess people should think twice the next time they use microsoft products.

[nnuxx]

Quote:

Originally posted by BearCat@Jan 26 2003, 10:02 PM
Raise your hands, anyone who thinks MS is using their own products, without patching it

lololol