P1Fanatic

If youve noticed the Net being slow today it looks like yet another worm has been released causing chaos on internet links worldwide. Looks like its something to do with SQL on Port 1434.

No reports on the register etc as yet but believe me this is big!

Simon.

P1Fanatic

It looks like everyone is suffering from a Distributed Denial of
Service attack. It seems to be related to MS SQL servers that suddenly start sending loads of UDP traffic to random IP addressess on port 1434. This keeps on increasing, eventually maxing out links.

Simon.

super_si

Culprit

P1Fanatic

This makes code red look like a **** in the park. So I wouldnt be posting on a public BBS that you were involved

pslewis

I havent noticed any difference?? its faster than yesterday!! So I say - release the worm!!

Pete

P1Fanatic

Thats because by the time old farts like you get up from your slumber, its impact has been reduced

JackClark

http://vil.nai.com/vil/content/v_99992.htm

Saturday!!! Working on notification now.

P1Fanatic

Good link Jack!

RichB

Our Mac servers seem to be running fine
...but only cos all the SQL servers are off

Oh what fun it is to work in an ISP! *yawn*

P1Fanatic

We have loads of customers shutting their routers off due to the problems its causing them. Doesnt seem thay many customers are aware as yet. Im off for 5 days on monday so Ill miss the aftermath - ah joy!

stevem2k

One of our rotating banner providers has been down since 05:30 this morning ~ had to come into the office to put in some workarounds .. grrrrrr



Steve

Houlbt

Where do you work P1Fan...

We got totally fcuked today, costs a lot of cash in my game.

But me not being IT I just get to sit here looking stoopid whilst IT runs round pulling wires out of stuff

oh well....at least someone left a copy of evo lying around

P1Fanatic

I work for WorldCom mate. We knew about it just after midnight. Didnt impact our network that much as we got filters up to reduce traffic.

Simon.

Houlbt

Dunno.... but it is causing real trouble here, think we have a load of people from Siemens here sorting stuff.

Apparently BT lost a lot of systems... but I don't really know what I am talking about

Houlbt

UDP broadcast....ehhhh! what is that all about, me dunno

Gordon Brown

.

[Edited by Gordon Brown - 25/01/2003 18:29:41]

P1Fanatic

Heres another good link:

http://www.cert.org/advisories/CA-2003-04.html

Simon.

mega_stream

Have UUNET sorted that DNS problem yet?

What happened?

P1Fanatic

Its looking ok at the moment. I cant say exactly what happened as its more than my jobs worth posting that sort of stuff on a public bbs. If you look on the register it should give you the lowdown.

Simon.

[Edited by P1Fanatic - 25/01/2003 19:40:17]

P1Fanatic

Has made it to the Beeb:

http://news.bbc.co.uk/1/hi/technology/2693925.stm

super_si

Nestle feel foul to it aswell.

Old man told us.

Si

Houlbt

And Barclaycard, Commerzbank, Citibank, EdF, London Electricity, Transco.....they're just a few! **** and they are only some of the 24/7 places that have weekend people to pick up on it.

Monday will be chaos in London.... no central line and all the computers hacked.

Puff The Magic Wagon!

iTrader: (2)

Phew

After the week I've just had & now being on holiday, I'm sure as hell glad I've got SP3 running - that & lots of other protection...

Phew...

Houlbt

We were supposed to be patched though.... Que???? We spend fecking loads (I mean really lots) on IT, what a pi55 take!

Dunno...think there were some computers running SQL analytics type jobs (I'm no IT honcho in case you couldn't tell) and they got it in the data they were downloading (weather data i think???)

[Flame Suit Donned] I find it fascinating though... you know in the same way you can find those master criminal roberies...even though you cannot condone the action or the cost to innocent people etc etc

Night people.... H

[Edited by Houlbt - 1/25/2003 11:42:27 PM]

dsmith

.

Soulgirl

Its ok guys... they caught the culprit!
CNN NEWS

Miles

The story from The Register.....

Huxley

Miles

[img]images/smilies/mad.gif[/img]That fookin site has the habbit filling your screen with **** knows how many popups[img]images/smilies/mad.gif[/img] I wish i could **** there servers up somehow as that sort of thing realy gets on my t1ts and it's almost as bad as junk mail through the post[img]images/smilies/mad.gif[/img]

Huxley

stevem2k

We're over the moon ... internally the only thing it affected was the timesheet system

Steve

Foot_Tapper

LOL very good Soulgirl, the popups you have are very helpful as well.