Rockster
Premium Member
join:2002-03-03
Brisbane AU

to Link Logger

Re: New Worm - UDP 1434 - SQL Server Monitor??

Got my first hit on that port over two hours ago and so far have had around 150!

That maxed out my alert window (500) and I've only been online 10 hours.

chpalmer
join:2002-11-18
Belfair, WA

Member

Glad to see I'm not alone!! I've been hit about 200 times since it started...

spectre84
join:2002-07-01
Weatherford, OK

Member

to Rockster
Just turned my log back on and have already been hit three times in less than five minutes. Looks like we're in for one hell of a time.

ircgeeks
Got Geek?
join:2002-11-29
Denver, CO

Member

I am getting killed. It even took down the DNS of one of my co-located servers. I am on the phone with their netadmin now, and he is trying to download the patches and service packs at home so he can burn them and drive to the colo to install them.

inTulsa
Premium Member
join:2002-02-24

to spectre84
Some detailed description of how it operates here:
»www.nextgenss.com/adviso ··· -udp.txt

ircgeeks
Got Geek?
join:2002-11-29
Denver, CO

Member

Service packs to get: we are kind of confused.
sql2kasp3.exe 44598 KB
sql2ksp3.exe 56435 KB
One is the database, one is the analyze server. Do we need both to fix this problem?

Link Logger
MVM
join:2001-03-29
Calgary, AB

to spectre84
I am starting to see a couple of double hits, meaning that I am seeing a second hit from the same IP address. For example:

Jan 25, 2003 06:27:56.560 UTC - (UDP) 207.178.1.10 : 1189 >>> 68.144.129.175 : 1434
Jan 25, 2003 09:05:41.690 UTC - (UDP) 207.178.1.10 : 1189 >>> 68.144.129.175 : 1434

and

Jan 25, 2003 06:25:03.521 UTC - (UDP) 129.59.218.33 : 1079 >>> 68.144.129.175 : 1434
Jan 25, 2003 07:45:48.177 UTC - (UDP) 129.59.218.33 : 1079 >>> 68.144.129.175 : 1434

which somewhat implies that these systems have been going hard for a while. Glad I'm not paying the bandwidth bill for these guys.

Going through the list of systems that have scanned me, it's sad that some of these guys didn't know better, as they are so-called leaders in the high tech sector.

Blake
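
Added example, not part of the thread or of any poster's code: tallying repeat sources on UDP 1434 from log lines in the format quoted in the post above, with the time between each source's first and last hit. The parser assumes exactly that line layout; the two 192.0.2.7 entries are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime

# The four entries quoted in the post above, plus two constructed lines
# (192.0.2.7 is a documentation address): a single UDP 1434 hit and an
# unrelated TCP entry, neither of which should be reported as a repeat.
SAMPLE_LOG = """\
Jan 25, 2003 06:27:56.560 UTC - (UDP) 207.178.1.10 : 1189 >>> 68.144.129.175 : 1434
Jan 25, 2003 09:05:41.690 UTC - (UDP) 207.178.1.10 : 1189 >>> 68.144.129.175 : 1434
Jan 25, 2003 06:25:03.521 UTC - (UDP) 129.59.218.33 : 1079 >>> 68.144.129.175 : 1434
Jan 25, 2003 07:45:48.177 UTC - (UDP) 129.59.218.33 : 1079 >>> 68.144.129.175 : 1434
Jan 25, 2003 07:02:11.004 UTC - (UDP) 192.0.2.7 : 1033 >>> 68.144.129.175 : 1434
Jan 25, 2003 07:10:00.000 UTC - (TCP) 192.0.2.7 : 1040 >>> 68.144.129.175 : 445
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} \d{1,2}, \d{4} \d{2}:\d{2}:\d{2}\.\d{3}) UTC - "
    r"\((?P<proto>\w+)\) (?P<src>[\d.]+) : (?P<sport>\d+) >>> "
    r"(?P<dst>[\d.]+) : (?P<dport>\d+)$"
)

def parse_line(line):
    """Return (timestamp, protocol, source IP, destination port) or None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None  # not a connection entry; skip rather than guess
    ts = datetime.strptime(m["ts"], "%b %d, %Y %H:%M:%S.%f")
    return ts, m["proto"], m["src"], int(m["dport"])

def repeat_sources(log_text, proto="UDP", dport=1434):
    """Map each source seen more than once on proto/dport to
    (hit count, time between its first and last hit)."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and rec[1] == proto and rec[3] == dport:
            hits[rec[2]].append(rec[0])
    return {
        src: (len(times), max(times) - min(times))
        for src, times in hits.items()
        if len(times) > 1
    }

if __name__ == "__main__":
    for src, (count, span) in sorted(repeat_sources(SAMPLE_LOG).items()):
        print(f"{src}: {count} hits, first to last {span}")
```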

CPUYODA
join:2003-01-25
Johnson City, TN

Member

to Rockster
»www.internetpulse.net/1/

Internet is dead......

Weird, I guess the FBI guys will be called in today.

Cheers!!
[text was edited by author 2003-01-25 04:51:03]
CPUYODA

Member

I just got nailed on my firewall, here's the results:

Final results obtained from whois.apnic.net.
Results:
% [whois.apnic.net node-1]
% How to use this server »www.apnic.net/db/
% Whois data copyright terms »www.apnic.net/db/dbcopyr ··· ght.html

inetnum: 210.202.0.0 - 210.202.255.255
netname: APOL
descr: Asia Pacific On-line Services Inc.
descr: Internet Service Provider
descr: Taipei, Taiwan
country: TW
admin-c: AA91-AP
tech-c: AA91-AP
mnt-by: APNIC-HM
mnt-lower: MAINT-TW-APOL
changed: hm-changed@apnic.net 20021217
status: ALLOCATED PORTABLE
source: APNIC

person: Admin APOL
nic-hdl: AA91-AP
e-mail: adm@apol.com.tw
address: 8F,No19-5,Sanchong Rd.,Nankang Dist.,Taipei,Taiwan,R.O.C.
phone: +886-2-55813300
fax-no: +886-2-26551515
country: TW
changed: adm@apol.com.tw 20021104
mnt-by: MAINT-TW-APOL
source: APNIC
vizionblind
join:2002-01-19
Bealeton, VA

Member

to Rockster
Playing Battlefield 1942 last night and my ping, as well as others', skyrocketed to 1030.