Skip to content


deny udp any any eq 1434

it looks like the the latest internet worm is making the rounds, and this one’s a biggie. It’s been dubbed ‘SQLSlammer’, since it hammers on the Microsoft SQL ports, attempting to exploit yet another commonly-unpatched 7-month-old MS vulnerability. The best bit: it uses UDP broadcasts to do this, so the traffic load is massive compared to previous worms, so there’s lots and lots of backbone hosage as a result. Coverage:

  • Matrix NetSystems: nice (live?) graph of The State Of The Net
  • BugTraq thread

  • Disassembly and analysis of the worm

  • The SQL Server 2000 bug it exploits

  • Slashdot: MS SQL Server Worm Wreaking Havoc

  • Quick fix: update those router filters to deny all traffic, both UDP and TCP, on port 1434. (you shouldn’t need to update the firewall filters of course, because nobody’s stupid enough to allow access to open-internet MS SQL traffic, right? ;)

    Comments closed