dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
627
share rss forum feed


Stem Bolt
Aka Smiling Bob
Premium
join:2002-11-08
Cleveland, OH
kudos:2

1 recommendation

10 Years After SQL Slammer

»threatpost.com/en_us/blogs/insid···r-102010

quote:
On Jan. 25, 2003, a new worm took the Internet by storm, infecting thousands of servers running Microsoft's SQL Server software every minute. The worm, which became known as SQL Slammer, eventually became the fastest-spreading worm ever and helped change the way Microsoft approached security and reshaped the way many researchers handled advisories and exploit code.

psloss
Premium
join:2002-02-24
Lebanon, KS

1 recommendation

Looks like the old thread is still available, too:
»New Worm - UDP 1434 - SQL Server Monitor??



antdude
A Ninja Ant
Premium,VIP
join:2001-03-25
United State
kudos:4
Reviews:
·Time Warner Cable

said by psloss:

Looks like the old thread is still available, too:
»New Worm - UDP 1434 - SQL Server Monitor??

Wow, you can still reply too!


Link Logger
Premium,MVM
join:2001-03-29
Calgary, AB
kudos:3
reply to Stem Bolt

That was quite the night. I remember my first 1434 hit came from a site in Poland which was notorious for infections which really tipped off something was up. I had done a presentation couple of months before for a number of 3 letter agencies and military organizations about issues around UDP port 1434, but up till then it appeared to be a non-issue. I remember grabbing a capture of the traffic, having a quick look and then getting on the phone to call up various response groups but by then it was to late, as this worm was nothing short of incredible and whoever wrote it really did think of pretty much everything, except I'm betting even they were surprised at how fast it spread. As a coder I'd have to tip my hat to the author of SQL Slammer, as nothing since has compared to its simple elegance and speed of propagation and I'd be almost willing to bet had the same author as main Code Red author.

Blake
--
Vendor: Author of Link Logger which is a traffic analysis and firewall logging tool



StuartMW
Who Is John Galt?
Premium
join:2000-08-06
Galt's Gulch
kudos:2
reply to Stem Bolt

Slammer was a wannabe

I remember the Stoned virus. There's even a thread about it although it'd been around long (about 10 years) before that.

Can't get rid of Stoned.D.2
--
Don't feed trolls--it only makes them grow!



Link Logger
Premium,MVM
join:2001-03-29
Calgary, AB
kudos:3
reply to Stem Bolt

What time UTC did this thread get started at?

»New Worm - UDP 1434 - SQL Server Monitor??

Blake



Woody79_00
I run Linux am I still a PC?
Premium
join:2004-07-08
united state
reply to Link Logger

Agreed Link Logger. I remember that day well, my firewalls at work (my old job) got hammered by that thing. That was the day I was thankful for having a good backup plan in place.



siljaline
I'm lovin' that double wide
Premium
join:2002-10-12
Montreal, QC
kudos:17
Reviews:
·Bell Sympatico
reply to Stem Bolt

See also:
• »it.slashdot.org/story/13/01/25/1···-slammer
• »en.wikipedia.org/wiki/Slammer_%2···_worm%29

--
Canadians reserve the Right to - Arm Bears