Factbites
 Where results make sense

Topic: SQL Slammer


  Wired 11.07: Slammed!
Slammer's attack was ruthless and quick, spreading hundreds of times faster than the Code Red virus or Nimda worm.
Slammer's code is a set of instructions as simple as "Lather, rinse, repeat." The program itself is only 376 bytes, not much longer than this paragraph.
Slammer masquerades as a single UDP packet, one that would normally be a harmless request to find a specific database service.
www.wired.com /wired/archive/11.07/slammer.html   (1064 words)

  
  Microsoft SQL Server - Wikipedia, the free encyclopedia
SQL Server is commonly used by businesses for small- to medium-sized databases, but the past five years have seen greater adoption of the product for larger enterprise databases.
SQL Server 7.0 was the first true GUI-based database server and was a rewrite away from the legacy Sybase code.
A computer worm, named the SQL slammer worm, which exploited a previously patched security vulnerability in MS SQL 2000 was discovered in January 2003, and caused a large Internet slowdown on January 24.
en.wikipedia.org /wiki/Microsoft_SQL_Server   (1261 words)

  
 Download Database.com - Microsoft SQL Server 2000 Service Pack 3a
Download SQL Server 2000 Service Pack 3a (SP3a), the latest and most comprehensive update to SQL Server 2000 that corrects vulnerabilities including the Slammer (W32.slammer) virus.
SP3a is primarily intended for SQL Server users who have not applied any versions of SP3 and for MSDE users who want to choose the new "disable network protocols" option.
Database client utilities, such as SQL Server Enterprise Manager and osql for SQL Server 2000.
www.downloaddatabase.com /databasesoftware/microsoft-sql-server-2000-service-pack-3a.htm   (154 words)

  
 F-Secure Computer Virus Information Pages: Slammer
Slammer exploits a buffer overflow vulnerability in Microsoft SQL Server 2000 (MS02-039).
When the SQL server receives the malicious request the overrun in the server's buffer allows the worm code to be executed.
Sometimes the random generator returns numbers that are broadcast addresses (eg.: x.y.z.0 or x.y.z.255) causing all the hosts on the particular network to receive the malicious packet.
www.f-secure.com /v-descs/mssqlm.shtml   (968 words)

  
 CERT Advisory CA-2003-04 MS-SQL Server Worm
The high volume of 1434/udp traffic generated by hosts infected with the worm trying to find and compromise other SQL Server computers may itself lead to performance issues (including possible denial-of-service conditions) for Internet-connected hosts or for those computers on networks with compromised hosts.
Administrators of all systems running Microsoft SQL Server 2000 and MSDE 2000 are encouraged to review CA-2002-22 and VU#484891.
SQL Server 2000 and MSDE 2000 both have the vulnerability documented in VU#484891.
www.cert.org /advisories/CA-2003-04.html   (914 words)

  
 SQL Slammer Lessons - MonitorWare
The worm spread through a several-month old vulnerability in Microsoft SQL Server 2000 and its little brother, MSDE 2000 (the MSDE is a stripped down, cost free version of Microsoft SQL Server for use by application developers).
In contrast to the "real" SQL server, which typically (hopefully) is set up and administrated by a skilled administrator, the MSDE is often used on desktops.
Remember, this is a first and quick effort to analyze the effects of the SQL Slammer worm.
www.monitorware.com /Common/en/Articles/SQLSlammer-Learnings.php   (3073 words)

  
 Viruslist.com - Net-Worm.Win32.Slammer
In the spreading loop the worm sends itself to random IP addresses (depending on the random counter), to the MS SQL port 1434.
Because MS SQL servers are often used on the Web this worm may cause a global INet DoS attack, because all infected servers will try to connect to other randomly selected machines in an endless loop - and this will cause a global INet traffic overflow.
This security breach was found in July, 2002 and was later fixed in "MS SQL Server 2000" patches.
www.viruslist.com /en/viruslist.html?id=59159   (341 words)

  
 Press Releases   (Site not responding. Last check: 2007-10-26)
The reason for this is that many applications use a Microsoft SQL Server component as an add-in.
As this malicious code exploits a vulnerability in servers running the Microsoft SQL applications, systems that do not have Service Pack 3 installed can easily fall prey to this virus.
This line indicates that the server could be running Microsoft SQL Server and it is, therefore, advisable to install the corresponding update, which is available at: http://www.microsoft.com/technet/security/bulletin/MS02-039.asp
www.pandasoftware.com /about/press/viewNews.aspx?noticia=2691&ver=2003...   (474 words)

  
 DevASP.Net Directory of SQL Resources   (Site not responding. Last check: 2007-10-26)
SQL Server Integration Services (SSIS) in SQL Server 2005 has been redone, and is clearly superior over SQL Server 2000.
One of the most interesting phenomena in the computing arena within the last few years is the growing concern for security, which, at this point, is being treated on a par with efficiency and cost (as a matter of fact, security became one of the primary factors when evaluating any technology-based solution).
The main driving factors behind this trend are the increasing number of computer worms and viruses (combined with ubiquity of the Internet), the financial impact of their destructive nature...
www.devasp.net /net/search/display/category147.html   (897 words)

  
 Microsoft SQL Server Security
This is a must-have for all Microsoft SQL Server/MSDE administrators.
"SQL Server 2000 security tools are used to scan instances of Microsoft® SQL Server 2000™ and Microsoft SQL Server Desktop Engine (MSDE) 2000.
A good checklist of things you should do before deploying a SQL Server into production.
www.cgisecurity.com /database/mssql   (217 words)

  
 COTSE-SQL Slammer worm shines light on Banking and, in particular, Bank of America
SQL Slammer worm shines light on Banking and, in particular, Bank of America
SQL Slammer is a worm that capitalizes on a six month old vulnerability in MS-SQL server.
The Register reports that some London financial services were also affected by Slammer.
www.cotse.com /20032701.html   (592 words)

  
 [No title]
China, likewise badly affected, responded to the crisis by sealing off its national network from the outside entirely.
The cause of the commotion: Sapphire alias MS-SQL Slammer alias WORM_SQLP1434.A - a piece of malware a mere 376 bytes in size.
The worm, often also simply and aptly dubbed SQL Hell, infected at least 75,000 Microsoft SQL servers within a good half hour and, with a veritable flood of UDP packets on port 1434, brought the Internet almost to a standstill within 30 minutes.
www.tecchannel.com /server/sicherheit/402050   (447 words)

  
 W32.SQLExp.Worm - Symantec.com
W32.SQLExp.Worm is a worm that targets the systems running Microsoft SQL Server 2000, as well as Microsoft Desktop Engine (MSDE) 2000.
The worm has the unintended payload of performing a Denial of Service attack due to the large number of packets it sends.
Symantec Security Response strongly recommends that all the users of either Microsoft SQL Server 2000 or MSDE 2000 audit their computers for the vulnerabilities that are referred to in Microsoft Security Bulletin MS02-039 and Microsoft Security Bulletin MS02-061.
www.symantec.com /security_response/writeup.jsp?docid=2003-012502-3306-99   (305 words)

  
 CAIDA : analysis : security : sapphire   (Site not responding. Last check: 2007-10-26)
It spread throughout the Internet and infected most of the vulnerable hosts that could be found within ten minutes.
The worm (also called Slammer, SQLSlammer, W32.Slammer) began at almost exactly 5:30 AM (UTC) on Saturday January 25th and spread by infecting copies of Microsoft SQL Server and MSDE 2000 (Microsoft SQL Server Desktop Engine) that were exposed to the Internet.
(excerpted from CERT Advisory CA-2003-04 MS-SQL Server Worm) The worm targeting SQL Server computers is self-propagating malicious code that exploits the vulnerability described in VU#484891 (CAN-2002-0649).
www.caida.org /analysis/security/sapphire   (368 words)

Copyright © 2005-2007 www.factbites.com Usage implies agreement with terms.