[55073] in North American Network Operators' Group
Re: New worm / port 1434?
daemon@ATHENA.MIT.EDU (Mike Tancsa)
Sat Jan 25 06:19:21 2003
Date: Sat, 25 Jan 2003 03:50:05 -0500
To: "Jack Bates" <jbates@brightok.net>
From: Mike Tancsa <mike@sentex.net>
Cc: nanog@nanog.org
In-Reply-To: <017f01c2c44e$13fc7300$72907b40@jackdell>
Errors-To: owner-nanog-outgoing@merit.edu
At 02:45 AM 1/25/2003 -0600, Jack Bates wrote:
>From: "Mike Tancsa"
>
> >
> >
> > Yes, I am seeing this big time. Are you sure its SQL server ? Thats
> > normally 1433 no ? Are there any other details somewhere about this ?
> >
><snip>
>
>All MS SQL servers listen to 1434 reguardless of the other ports they listen
>on. Depending on configuration depends on what other ports it uses (due to
>various security models), but 1434 is a constant in all configurations
>according to a quick search and a read on the last MS SQL vulnerability
>found in 7/2002.
Thanks, I have blocked the infected hosts in my customer colo space. Its
an eye opener how much traffic they generate on the local collision domain
they are on :-(
---Mike
--------------------------------------------------------------------
Mike Tancsa, tel +1 519 651 3400
Sentex Communications, mike@sentex.net
Providing Internet since 1994 www.sentex.net
Cambridge, Ontario Canada www.sentex.net/mike
