SANS Internet Storm Center, InfoCON: green
UDP port 1434 directed attack to AS13489 IP ranges, (Fri, May 24th)
We have seen today a big rise of incoming packets of what appears to be a SQL Slammer attacks. Some of the detected packets are:
We have seen a sustained rate in many nodes inside AS13489 and AS27989 nodes of about 25 Mbps. Some very old SQL servers have been compromised, but the Internet speed has been compromised and navigation it's very slow.
Have you seen something like this today on your AS? Let us know!
Manuel Humberto Santander Peláez
SANS Internet Storm Center - Handler
Twitter:@manuelsantander
Web:http://manuel.santander.name
e-mail: msantand at isc dot sans dot org (c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
SANS Internet Storm Center - Handler
Twitter:@manuelsantander
Web:http://manuel.santander.name
e-mail: msantand at isc dot sans dot org (c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Categories: Security Posts
