|reply to Stem Bolt |
Re: 10 Years After SQL Slammer
That was quite the night. I remember my first 1434 hit came from a site in Poland which was notorious for infections, which really tipped off that something was up. I had done a presentation a couple of months before for a number of 3-letter agencies and military organizations about issues around UDP port 1434, but up till then it appeared to be a non-issue. I remember grabbing a capture of the traffic, having a quick look and then getting on the phone to call up various response groups, but by then it was too late, as this worm was nothing short of incredible and whoever wrote it really did think of pretty much everything, except I'm betting even they were surprised at how fast it spread. As a coder I'd have to tip my hat to the author of SQL Slammer, as nothing since has compared to its simple elegance and speed of propagation, and I'd be almost willing to bet it had the same author as the main Code Red author.
Vendor: Author of Link Logger which is a traffic analysis and firewall logging tool