| View previous topic :: View next topic |
| Author |
Message |
The Knighty NI
Prince
Joined: 06 Sep 2007
Posts: 780
Location: Lost in space on a rather small Blue ping pong ball. :)
|
 Posted: Tue Jan 17, 2012 5:35 pm Post subject: Is someone preparing a DoS attack on me? |
 |
|
My firewall over the last few days has intercepted MS02-039_SQL_SERVER_RESOLUTION_EXPLOIT
There are four source IP's for all the interceptions so far with one of them only showing up once. All the interceptions are coming to my IP address where I connect to the internet. The latest interception was this afternoon at about 4pm GMT.
I checked it out on the Trend Micro Threat site and it seems to be a very old vulnerability from back in 2002.
http://about-threats.trendmicro.com/archivevulnerability.aspx?language=us&name=MS02-039_SQL_SERVER_RESOLUTION_EXPLOIT
What are your thoughts Kniggets and Kniggetesses?
_________________
What is that in the Shrubbery?
 |
|
| Back to top |
|
 |
Pooh Bear 27
Prince
Joined: 28 Jan 2005
Posts: 1358
Location: Fond du Lac, WI
|
| Posted: Tue Jan 17, 2012 5:40 pm Post subject: |
|
|
| Probably a Worm out there doing address checks to search for certain things and if found roll a real attack. Your ISP may be the one that is actually being searched through and they've hit all the addresses across the space a few times just to see what they find. |
|
| Back to top |
|
|
The Knighty NI
Prince
Joined: 06 Sep 2007
Posts: 780
Location: Lost in space on a rather small Blue ping pong ball. :)
|
| Posted: Tue Jan 17, 2012 5:45 pm Post subject: |
|
|
Thanks Pooh. Do you think I should alert my ISP to this to see if there is anything going on generally on the IP addresses my ISP owns?
Also to see if they are able to do anything about this generally for all other users of my ISP?
_________________
What is that in the Shrubbery?
|
|
| Back to top |
|
|
PhastPhred
Prince
Joined: 22 Mar 2006
Posts: 6017
Location: Northwest AR (USA)
|
| Posted: Tue Jan 17, 2012 6:48 pm Post subject: |
|
|
SLAMMER!! Yeah, been around awhile! 2010 article from Kaspersky Labs at
http://threatpost.com/en_us/blogs/inside-story-sql-slammer-102010
| Quote: | | As I write this in 2010, Slammer is still out there, nearly eight years after release, still doing the rounds, so to speak. This is at worst an annoyance as, fortunately, Slammer had no destructive payload but it does suggest that there are still unpatched SQL and MSDE installs out there. This is incredible to me but unpatched systems are definitely few and far between. One positive aspect of Slammer was the effect it had on patching – prior to Slammer I’d guesstimate, from the results of penetration tests and so on, that 9 out of 10 SQL Servers were unpatched. Immediately after Slammer this reversed leaving 1out of 10 unpatched. Patching was 100% effective in preventing reinfection and so, in its own ironic way, Slammer helped make the Internet that little bit more secure. |
_________________
 |
|
| Back to top |
|
|
|
FAQ
Search
Memberlist
Usergroups
Register
Profile
Log in to check your private messages
Log in
