To LUGNET HomepageTo LUGNET News HomepageTo LUGNET Guide Homepage
 Help on Searching
 
Post new message to lugnet.market.brickshopsOpen lugnet.market.brickshops in your NNTP NewsreaderTo LUGNET News Traffic PageSign In (Members)
 Marketplace / Brick Shops / 1020
1019  |  1021
Subject: 
Re: BrickLink down (or unreachable) ?
Newsgroups: 
lugnet.market.brickshops
Date: 
Sat, 25 Jan 2003 15:02:38 GMT
Viewed: 
2046 times
  
In lugnet.market.brickshops, Ray Sanders writes:
I've been unable to reach BrickLink at all this morning. The NANOG list is
reporting a fairly major DDoS attack underway since late last night on a MS SQL
Server udp port, so I wonder if A has anything to do with B. Anyone know whats
up (or down as the case may be) ?

This might be part of it:

Copied from NTBUGTRAQ mailing list:

"Everyone,

I don't know what is causing this, but we had several customer machines
(which we don't manage) affected tonight. The common thread is that all
were running an unpatched MS SQL Server. This new worm seems to create
MASSIVE network traffic which propagates outbound. Somehow it seems to be
amplified at each of our Cisco routers. In our colo facility, we had 3
"infected" servers on 10Base-T connections - after this traffic hit our
core router, the traffic increased from just under 30Mbits/sec inbound from
our colo switch to 80+Mbits/sec outbound over ALL transit and peering
connections. I know our routers aren't smurf amplifiers and I don't know
what caused the increased outbound traffic. Once this process is started,
the MSSQLServer service cannot be stopped (or killed with pview). If the
service is disabled and the server rebooted, it will not generate this
traffic. It is not a master-slave program which requires a connection from

outside to start the flow. Once the SQL server has been infected, no
Internet connection is needed to continue the traffic storm even after a
reboot. None of our managed customer machines were affected, but all of
them are patched with current patches and none of them have 1433 exposed to
the world either. I don't have any more detail at this time, but I plan to
look into this worm/virus/exploit further in the AM. This seems to affect
both MSSQL and MSDE. Does anyone else have more to add. I have seen several
networks drop off the earth tonight as a result of this exploit.

-Robert Boyle"



Message is in Reply To:
  BrickLink down (or unreachable) ?
 
I've been unable to reach BrickLink at all this morning. The NANOG list is reporting a fairly major DDoS attack underway since late last night on a MS SQL Server udp port, so I wonder if A has anything to do with B. Anyone know whats up (or down as (...) (22 years ago, 25-Jan-03, to lugnet.market.brickshops)

4 Messages in This Thread:


Entire Thread on One Page:
Nested:  All | Brief | Compact | Dots
Linear:  All | Brief | Compact
    

Custom Search

©2005 LUGNET. All rights reserved. - hosted by steinbruch.info GbR