"Trustworthy Computing" - welcomes the SQL Server worm.

by Charles Miller on January 25, 2003

I was wondering why my network connection was running so slowly, and why my modem was blinking when I wasn't really doing anything, so I pulled up tcpdump... and discovered thousands upon thousands of UDP packets coming in trying to find something on my home network (three machines on 8 publicly routeed IPs) that responded on port 1434.

Looks like there's a new Code Red, except this time it preys on Microsoft SQL Server. (1434 is SQL Server's "server resolution" port, for which a remote root exploit was discovered in July last year.) My network connection is being hammered, I can only imagine the rest of the Internet isn't faring very well either.

Hello, Internet-wide denial of service attack. Fuck you, Microsoft. Fuck you, incompetent server administrators who are not only too lazy to get off their stupid asses and upgrade a broken piece of software, but are too fucking clueless to put their servers behind a firewall and block access to administrative ports.

Previously: Categorisation

Next: Are Network Worms Healthy?