[55128] in North American Network Operators' Group
RE: New worm / port 1434?
daemon@ATHENA.MIT.EDU (Marcos R. Della)
Sat Jan 25 12:00:46 2003
Date: Sat, 25 Jan 2003 07:56:33 -0800
From: "Marcos R. Della" <mdella@cstone.com>
To: <nanog@nanog.org>
Errors-To: owner-nanog-outgoing@merit.edu
For those that are interested, here are a couple disassemblies of the
worm.
At least it was a non-persistant worm and didn't also damage the MSSQL
servers.
Could have been much worse... We could all not only be filtering routers
And cleaning up switches, we could also be explaining to customers why
their
Entire database of "stuff" disappeared or was stolen...
http://www.digitaloffense.net/worms/mssql_udp_worm/NOTES.TXT
http://www.boredom.org/~cstone/worm-annotated.txt
http://www.snafu.freedom.org/tmp/1434-probe.txt
Marcos
--
mdella@cstone.com | http://www.geekstyle.net
-----Original Message-----
From: Peter van Dijk [mailto:peter@dataloss.nl]=20
Sent: Saturday, January 25, 2003 3:35 AM
To: Avleen Vig; nanog@nanog.org
Subject: Re: New worm / port 1434?
On Sat, Jan 25, 2003 at 08:05:33AM +0000, Gary Coates wrote:
>=20
> Duplicated info.. But this is an old worm ;-(
>=20
> http://www.cert.org/advisories/CA-1996-01.html
This is not the worm that's spreading now.
Greetz, Peter
--=20
peter@dataloss.nl | http://www.dataloss.nl/ | Undernet:#clue
