the TRACE vuln has nothing to do with it....
on
Cross-Site-TRACE
·
· Score: 0, Offtopic
Resent-From: mbac@romulus.netgraft.com
From: Michael Bacarella
Date: Fri Jan 24, 2003 11:11:41 PM America/Los_Angeles
Resent-To: bugtraq@securityfocus.com
To: nylug-talk@nylug.org, wwwac@lists.wwwac.org, linux-elitists@zgp.org
Subject: MS SQL WORM IS DESTROYING INTERNET BLOCK PORT 1434!
I'm getting massive packet loss to various points on the globe.
I am seeing a lot of these in my tcpdump output on each
host.
02:06:31.017088 150.140.142.17.3047 > 24.193.37.212.ms-sql-m: udp 376
02:06:31.017244 24.193.37.212 > 150.140.142.17: icmp: 24.193.37.212 udp port ms-sql-m unreachable [tos 0xc0
It looks like there's a worm affecting MS SQL Server which is
pingflooding addresses at some random sequence.
All admins with access to routers should block port 1434 (ms-sql-m)!
Everyone running MS SQL Server shut it the hell down or make
sure it can't access the internet proper!
I make no guarantees that this information is correct, test it
out for yourself!
--
Michael Bacarella 24/7 phone: 646 641-8662
Netgraft Corporation http://netgraft.com/
"unique technologies to empower your business"
Finger email address for public key. Key fingerprint:
C40C CB1E D2F6 7628 6308 F554 7A68 A5CF 0BD8 C055
Well i hate to remind everybody but the last BIND worm used the same type of vuln where a vulnerable server was owned by requesting from an owned server.
We'll see how long it takes history to repeat itself.
encryption in the browser is crap. any mim (man in the middle) can easily hijack your session with open source software like ettercap. just download it and try it! you don't really even have to be in the middle... you can be on a switched lan where your target is and still hijcak the session.. and see it in plain text.
don't trust ssl in internet explorer.
if you have to do somthing secure use ssh and tunnels.
when we moved to our new location we had a telecom problem and had to resort to a satellite connection. it wasn't so bad for just downloads.. you can get about 1.5 megs... but when you have 40 sales people using a tcp based service where every keypress took 2-4 seconds to give results... let's just say people were bitching.
not to mention the 5-6 seconds it can take outlook to connect to the exchange server and show an email message...
so if you don't care about slower latency than a bad 9600 baud modem connection than go with satellite.
i would recomend using it as a very last resort. try doing a wireless connection to a friend who has cable or dsl... you can get a couple of wap11s and make a nice little bridge..
btw... does anyone know how to detect a wap11 bridge without a wap11?
-eek
it's not a method of synching your laptop but you can have a VNC like (better even) connection to your system at work... and using a nice ssh tunnel you can do it securly from anywhere in the world.
we still need a damn os x outlook client
fucking MS assholes... well they won't have a choice when apple stops booting into os9 hehe
Slashdot Mirror
Resent-From: mbac@romulus.netgraft.com From: Michael Bacarella Date: Fri Jan 24, 2003 11:11:41 PM America/Los_Angeles Resent-To: bugtraq@securityfocus.com To: nylug-talk@nylug.org, wwwac@lists.wwwac.org, linux-elitists@zgp.org Subject: MS SQL WORM IS DESTROYING INTERNET BLOCK PORT 1434! I'm getting massive packet loss to various points on the globe. I am seeing a lot of these in my tcpdump output on each host. 02:06:31.017088 150.140.142.17.3047 > 24.193.37.212.ms-sql-m: udp 376 02:06:31.017244 24.193.37.212 > 150.140.142.17: icmp: 24.193.37.212 udp port ms-sql-m unreachable [tos 0xc0 It looks like there's a worm affecting MS SQL Server which is pingflooding addresses at some random sequence. All admins with access to routers should block port 1434 (ms-sql-m)! Everyone running MS SQL Server shut it the hell down or make sure it can't access the internet proper! I make no guarantees that this information is correct, test it out for yourself! -- Michael Bacarella 24/7 phone: 646 641-8662 Netgraft Corporation http://netgraft.com/ "unique technologies to empower your business" Finger email address for public key. Key fingerprint: C40C CB1E D2F6 7628 6308 F554 7A68 A5CF 0BD8 C055
the motorolla i90c is.
it's a nextel phone.
-eek
Well i hate to remind everybody but the last BIND worm used the same type of vuln where a vulnerable server was owned by requesting from an owned server. We'll see how long it takes history to repeat itself.
first post on my first accepted post...
encryption in the browser is crap. any mim (man in the middle) can easily hijack your session with open source software like ettercap. just download it and try it! you don't really even have to be in the middle... you can be on a switched lan where your target is and still hijcak the session.. and see it in plain text.
don't trust ssl in internet explorer.
if you have to do somthing secure use ssh and tunnels.
when we moved to our new location we had a telecom problem and had to resort to a satellite connection. it wasn't so bad for just downloads.. you can get about 1.5 megs... but when you have 40 sales people using a tcp based service where every keypress took 2-4 seconds to give results... let's just say people were bitching. not to mention the 5-6 seconds it can take outlook to connect to the exchange server and show an email message... so if you don't care about slower latency than a bad 9600 baud modem connection than go with satellite. i would recomend using it as a very last resort. try doing a wireless connection to a friend who has cable or dsl... you can get a couple of wap11s and make a nice little bridge.. btw... does anyone know how to detect a wap11 bridge without a wap11? -eek
anyone know of an open chinese proxy server so i can see for myself?
it's not a method of synching your laptop but you can have a VNC like (better even) connection to your system at work... and using a nice ssh tunnel you can do it securly from anywhere in the world.
we still need a damn os x outlook client
fucking MS assholes... well they won't have a choice when apple stops booting into os9 hehe
how many punch cards in a terabyte? and how much space would that take up?
this is the really cool stuff here: http://opticb.uoregon.edu/~mosswww/memory/shm.html .... yeah baby! can't wait till we can fit our entire music collection on one storage cube.
-eek
wow pudge you would have loved the old logo. -eek