[ale] New worm destabilized Internet

Transam transam at verysecurelinux.com
Sat Jan 25 09:14:52 EST 2003


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

A new worm started destabilizing the Internet in the wee hours this
morning.  It spread via a vulnerability in MS SQL, according to reports,
and the patch has been out for many months.  It is a 376-byte
packet that propagates over UDP port 1434 (Microsoft-SQL-Monitor).
Its effect appears to be diminishing somewhat due to many SysAdmins
starting to block this port on their firewall.

We have seen attacks against most of our clients' firewalls.
Those clients with one of our firewalls are immune both from this worm
entering their networks and even from a vulnerable system (such
as a compromised laptop) launching the worm to other systems on
the Internet.  This is because we always have blocked this and all other
ports not explicitly opened and because we also always have applied egress
filtering.  Some may suffer from the loss of bandwidth consumed by the
worm that has compromised other sites on the Internet not so protected.

We see good access to all of our clients' protected networks.

Best regards,

Bob Toxen, CTO
Fly-By-Day Consulting, Inc.
"Your expert in Firewalls, Virus and Spam Filters, VPNs,
Network Monitoring, and Network Security consulting"
bob at verysecurelinux.com (e-mail)

Author,
"Real World Linux Security: Intrusion Detection, Prevention, and Recovery"
2nd Ed., Prentice Hall, October 2002, 848 pages, ISBN: 0130464562

Author,
"Real World Linux Security: Intrusion Detection, Prevention, and Recovery"
Prentice Hall, November 2000, 700 pages

http://www.verysecurelinux.com       [Network & Linux/Unix Security Consulting]
http://www.realworldlinuxsecurity.com [My 5* book: "Real World Linux Security"]
http://www.verysecurelinux.com/sunset.html                    [Sunset Computer]
Quality Linux, UNIX and network security and software consulting since 1990.

GPG Public key available at http://www.verysecurelinux.com/pubkey.txt
  and on the CD-ROM that comes sealed and attached to Real World Linux Security
pub  1024D/E3A1C540 2000-06-21 Bob Toxen <book at verysecurelinux.com>
     Key fingerprint = 30BA AA0A 31DD B68B 47C9  601E 96D3 533D E3A1 C540
sub  2048g/03FFCCB9 2000-06-21

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQE+MpsMltNTPeOhxUARAnfsAJ4pAsOIPmKVkMn1kLv7/YQivpirLQCgnuHf
optBwD1bauZl7GVrg9Se7lg=
=8pvY
-----END PGP SIGNATURE-----
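
Both controls described in the message above (blocking inbound UDP port 1434 and egress filtering) leave firewall log entries that can be triaged. The following Python script is an added example, not part of the original post: it separates inbound probes from egress attempts by inside hosts. It assumes netfilter LOG-style lines, that the 376 bytes are the UDP payload (so the UDP length field reads 384), and a constructed internal range and constructed sample log lines.

```python
import ipaddress
import re
from collections import Counter

WORM_PORT = "1434"            # UDP port named in the post
WORM_UDP_LEN = str(376 + 8)   # assumption: 376-byte payload plus 8-byte UDP header
INTERNAL = ipaddress.ip_network("10.20.0.0/16")  # constructed protected range

# Constructed sample lines in netfilter LOG style (not taken from the post).
SAMPLE_LOG = """\
Jan 25 03:12:01 fw kernel: IN=eth0 OUT=eth1 SRC=198.51.100.7 DST=10.20.1.5 LEN=404 TTL=112 PROTO=UDP SPT=2201 DPT=1434 LEN=384
Jan 25 03:12:02 fw kernel: IN=eth0 OUT=eth1 SRC=203.0.113.44 DST=10.20.1.9 LEN=404 TTL=109 PROTO=UDP SPT=1077 DPT=1434 LEN=384
Jan 25 03:12:05 fw kernel: IN=eth1 OUT=eth0 SRC=10.20.3.77 DST=192.0.2.200 LEN=404 TTL=127 PROTO=UDP SPT=1033 DPT=1434 LEN=384
Jan 25 03:12:09 fw kernel: IN=eth0 OUT=eth1 SRC=198.51.100.7 DST=10.20.1.5 LEN=29 TTL=112 PROTO=UDP SPT=2202 DPT=1434 LEN=9
Jan 25 03:12:11 fw kernel: IN=eth0 OUT=eth1 SRC=198.51.100.9 DST=10.20.1.5 LEN=60 TTL=52 PROTO=TCP SPT=4000 DPT=80 WINDOW=5840
"""

FIELD = re.compile(r"(\w+)=(\S*)")

def classify(line):
    """Return (direction, size_class, src) for a UDP/1434 log line, else None."""
    # A later LEN= (UDP length) overwrites the earlier LEN= (IP total length).
    fields = dict(FIELD.findall(line))
    if fields.get("PROTO") != "UDP" or fields.get("DPT") != WORM_PORT:
        return None
    src = fields["SRC"]
    direction = "egress" if ipaddress.ip_address(src) in INTERNAL else "inbound"
    size = "worm-size" if fields.get("LEN") == WORM_UDP_LEN else "other-size"
    return direction, size, src

def summarize(log_text):
    """Count hits per (direction, size) and list internal hosts sending worm-size packets."""
    hits, suspects = Counter(), set()
    for line in log_text.splitlines():
        result = classify(line)
        if result is None:
            continue
        direction, size, src = result
        hits[(direction, size)] += 1
        if (direction, size) == ("egress", "worm-size"):
            suspects.add(src)   # inside host trying to spread: isolate and inspect
    return hits, sorted(suspects)

if __name__ == "__main__":
    counts, suspects = summarize(SAMPLE_LOG)
    for key, n in sorted(counts.items()):
        print(key, n)
    print("internal hosts to isolate:", suspects)
```

An egress hit is the more urgent finding: it identifies a host inside the protected network that the egress filter is stopping from spreading the worm.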