[Nlnog] Re: Drops BGP sessions in AMSIX.

Tycho Eggen tycho at e-dude.org
Sat Jan 25 11:52:17 UTC 2003


On Sat, Jan 25, 2003 at 11:21:14AM +0100 Alex Bik(alex at bit.nl) wrote:
> On Sat, 25 Jan 2003, Arien Vijn wrote:
> 
> > > It seems to be no DoS attack.
> > >
> > No DoS attack?
> 
> It seems to be a worm with the effect of a DoS attack. So DoS is the
> result, but it's not really an attack. The huge bandwidth consumption with
> small packets causes problems at the source rather than at the
> destination. More or less like Code Red, but far worse and without a
> fixed destination address.

It's a full-blown Microsoft-powered DoS.
I just spoke to Joris de Mooij from Tiscali;
blocking ports 1433 and 1434 on both UDP and TCP seems to be the remedy.

It's a worm based on multiple buffer overruns in the MS SQL Server.

more info on:
- http://www.intelenet.net/news/mssql-udp.txt (from nanog)
- http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS02-039.asp

For those having trouble, good luck!

Tycho

-- 
Tycho Eggen             (Unix|Network|Social) Engineer
tycho at e-dude.org        +31 6 41 824 855
"Don't worry over what other people are thinking about you."
"They're too busy worrying over what you are thinking about them."
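
Added example, not part of the original mail: a small Python check that picks out sources sending small packets on the ports named above (1433/1434, UDP and TCP) to many different destinations, which is the "no fixed destination address" pattern described in the thread. The flow-record line format, the sample records and the thresholds are assumptions made for this illustration.

```python
from collections import defaultdict

# Constructed sample flow records (not real traffic), one per line:
# src dst proto dport packet_size_in_bytes  (hypothetical export format)
SAMPLE_FLOWS = """\
10.0.0.5 198.51.100.7 udp 1434 404
10.0.0.5 203.0.113.9 udp 1434 404
10.0.0.5 192.0.2.44 udp 1434 404
10.0.0.5 198.51.100.200 udp 1434 404
10.0.0.8 192.0.2.10 udp 53 80
10.0.0.9 192.0.2.20 tcp 1433 1500
10.0.0.9 192.0.2.20 tcp 1433 1500
10.0.0.7 192.0.2.30 udp 1434 60
"""

# The protocol/port pairs the mail says to block.
WATCHED = {("udp", 1433), ("udp", 1434), ("tcp", 1433), ("tcp", 1434)}

def parse_flows(text):
    """Yield (src, dst, proto, dport, size) tuples; skip malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue
        src, dst, proto, dport, size = parts
        try:
            yield src, dst, proto.lower(), int(dport), int(size)
        except ValueError:
            continue  # non-numeric port or size

def find_spraying_sources(flows, min_dsts=3, max_size=512):
    """Return {src: distinct destination count} for sources that send small
    packets to the watched ports toward at least min_dsts different hosts.
    min_dsts and max_size are assumed thresholds; tune them to local traffic."""
    dsts = defaultdict(set)
    for src, dst, proto, dport, size in flows:
        if (proto, dport) in WATCHED and size <= max_size:
            dsts[src].add(dst)
    return {s: len(d) for s, d in dsts.items() if len(d) >= min_dsts}

if __name__ == "__main__":
    hits = find_spraying_sources(parse_flows(SAMPLE_FLOWS))
    for src, n in hits.items():
        print(f"{src}: small packets to {n} distinct hosts on 1433/1434")
```

A source flagged here is a candidate infected host on your own network, so the result is a list of machines to isolate and patch in addition to the port filter.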