nanog mailing list archives

Previous By Date Next
Previous By Thread Next

Re: New worm / port 1434?

From: Mike Tancsa <mike () sentex net>
Date: Sat, 25 Jan 2003 03:50:05 -0500

At 02:45 AM 1/25/2003 -0600, Jack Bates wrote:

From: "Mike Tancsa"

>
>
> Yes, I am seeing this big time.  Are you sure its SQL server ?  Thats
> normally 1433 no ?  Are there any other details somewhere about this ?
>
<snip>

All MS SQL servers listen to 1434 reguardless of the other ports they listen
on. Depending on configuration depends on what other ports it uses (due to
various security models), but 1434 is a constant in all configurations
according to a quick search and a read on the last MS SQL vulnerability
found in 7/2002.
Thanks, I have blocked the infected hosts in my customer colo space. Its an eye opener how much traffic they generate on the local collision domain they are on :-( 

        ---Mike
--------------------------------------------------------------------
Mike Tancsa,                                      tel +1 519 651 3400
Sentex Communications,                            mike () sentex net
Providing Internet since 1994                    www.sentex.net
Cambridge, Ontario Canada                         www.sentex.net/mike
Previous By Date Next
Previous By Thread Next

Current thread: