[55092] in North American Network Operators' Group


Re: New worm / port 1434?

daemon@ATHENA.MIT.EDU (Mike Leber)
Sat Jan 25 08:10:26 2003

Date: Sat, 25 Jan 2003 00:12:37 -0800 (PST)
From: Mike Leber <mleber@he.net>
To: Avleen Vig <lists-nanog@silverwraith.com>
Cc: nanog@nanog.org
In-Reply-To: <20030125063229.GD58624@silverwraith.com>
Errors-To: owner-nanog-outgoing@merit.edu



We are seeing this too.

We are seeing the gige interfaces on multiple customer aggregation
switches at multiple locations add several hundred Mbps each.  All the
traffic is destined for udp port 1434 with a randomized source address. We
are doing "ip verify unicast source reachable-via any" which stops most of
the random addresses.  We've temporarily had to block udp port 1434.

On Fri, 24 Jan 2003, Avleen Vig wrote:

> 
> It seems we have a new worm hitting Microsoft SQL server servers on port
> 1434.
> 

+----------------- H U R R I C A N E - E L E C T R I C -----------------+
| Mike Leber           Direct Internet Connections   Voice 510 580 4100 |
| Hurricane Electric     Web Hosting  Colocation       Fax 510 580 4151 |
| mleber@he.net                                       http://www.he.net |
+-----------------------------------------------------------------------+
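Added example, not part of the original message: a small Python model of why a loose-mode source check ("reachable-via any") stops most but not all randomized source addresses, and what the temporary udp/1434 block adds on top. The routing table, the sample packets and the function names are constructed for illustration, and the model assumes a default route does not satisfy the check.

```python
import ipaddress

# Constructed routing table; documentation prefixes stand in for routed space.
ROUTES = [ipaddress.ip_network(p) for p in
          ("0.0.0.0/0", "192.0.2.0/24", "198.51.100.0/24")]

def has_route(src, routes=ROUTES):
    """Loose-mode check: True if any non-default route covers the source."""
    addr = ipaddress.ip_address(src)
    return any(addr in net for net in routes if net.prefixlen > 0)

def filter_packet(pkt, block_port=None):
    """Return 'drop-urpf', 'drop-acl' or 'forward' for one packet."""
    if not has_route(pkt["src"]):
        return "drop-urpf"          # source address has no route at all
    if (block_port is not None and pkt["proto"] == "udp"
            and pkt["dport"] == block_port):
        return "drop-acl"           # temporary port block
    return "forward"

# Constructed sample packets.
PACKETS = [
    {"src": "203.0.113.77", "proto": "udp", "dport": 1434},  # random, unrouted
    {"src": "10.9.8.7",     "proto": "udp", "dport": 1434},  # random, unrouted
    {"src": "192.0.2.10",   "proto": "udp", "dport": 1434},  # random, but routed
    {"src": "198.51.100.5", "proto": "udp", "dport": 53},    # ordinary traffic
]

def summarize(packets, block_port=None):
    """Count the verdicts for a list of packets."""
    counts = {"drop-urpf": 0, "drop-acl": 0, "forward": 0}
    for pkt in packets:
        counts[filter_packet(pkt, block_port)] += 1
    return counts

if __name__ == "__main__":
    print("source check only:   ", summarize(PACKETS))
    print("plus udp/1434 block: ", summarize(PACKETS, block_port=1434))
```

A random source that happens to fall inside routed space passes the source check, which is why the port block is still needed to stop the remaining flood.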





