Threat Level: Infocon green
Internet Storm Center
phpbb and sql errors asp sqlserver odbc sql errors

Today´s Diary

If you have more information or corrections regarding our diary, please share.



advertisement
Diary Advertisement
Use Discount Code SANSFIREISC10 when registering to get a 10% discount!!

UDP port 1434 directed attack to AS13489 IP ranges

Published: 2013-05-24,
Last Updated: 2013-05-24 23:08:16 UTC
by Manuel Humberto Santander Pelaez (Version: 1)

0 comment(s)

We have seen today a big rise of incoming packets of what appears to be a SQL Slammer attacks. Some of the detected packets are:

Suspect packet #1

 Malicious packet 2

Malicious packet 3

We have seen a sustained rate in many nodes  inside AS13489 and AS27989 nodes of  about 25 Mbps. Some very old SQL servers have been compromised, but the Internet speed has been compromised and navigation it's very slow.

Have you seen something like this today on your AS? Let us know!

Manuel Humberto Santander Peláez
SANS Internet Storm Center - Handler
Twitter:@manuelsantander
Web:http://manuel.santander.name
e-mail: msantand at isc dot sans dot org

Keywords:
0 comment(s)
Top of page

If you have more information or corrections regarding our diary, please share.

Diary Archive

DateAuthorTitle
2013-05-24 Manuel Humberto Santander Pelaez UDP port 1434 directed attack to AS13489 IP ranges (0 Comments)
2013-05-23 Adrien de Beaupre MoVP II (1 Comments)
2013-05-22 Adrien de Beaupre Privilege escalation, why should I care? (15 Comments)
2013-05-21 Adrien de Beaupre Moore, Oklahoma tornado charitable organization scams, malware, and phishing (1 Comments)
2013-05-20 Johannes Ullrich Ubuntu Package available to submit firewall logs to DShield (3 Comments)
2013-05-20 Guy Bruneau Safe - Tools, Tactics and Techniques (0 Comments)
2013-05-19 Kevin Shortt Port 51616 - Got Packets? (1 Comments)
2013-05-17 Daniel Wesemann e-netprotections.su ? (3 Comments)
2013-05-17 Johannes Ullrich SSL: Another reason not to ignore IPv6 (3 Comments)
2013-05-16 Joel Esler Cisco TelePresence Supervisor MSE 8050 Denial of Service Vulnerability (1 Comments)
Folder Icon Complete Archive
Search Diaries:

Diary Tagslink arrow

  patches     usbexe     charity     mt6d     linux     flash     certificate     fantasia     configuration     enterprise certificate authority     apple     sysinternals     dos     updates     movp ii     vulnerability     micorsoft     malware containment     frequency hopping     ddos     plugins     patch     spoofing     webserver     perimeter     boston marathon     hak5     outage     typo squatting     java security update     spamhaus     port 51616     volatility     firefox     trojan     spam     relays     ipv6     protocol     malware     cyberterrorism     dshield     apache     memory forensics     phish     certificates     back tuesday     51616     vrt     ipv6 focus month     opendoc     packets     scam     tools     ssl     patch tuesday     incident     privilege escalation     boston marathon bombing     signature     adobe     overview     malware analysis     chargen     thunderbird     javascript     certutil     phishing     waco fertilizer plant explosion     advance notification     got packets     security intelligence     kernel     java     0 day     oklahoma     safe     microsoft     security advisory     ios     black tuesday     java 7u21     watering hole     usbdoc     fake charities     email     java vulnerability     denial of service     firewall     cve20120158     ie 8     tornado     cloudflare     bcp 38     61     exploit     disaster     cisco     mozilla     xss     cnn     remnux     internet status     psexec     gov     boston marathon scams     sourcefire     notification     passwords     fake tech calls     blackhole     web app sec     cyberbunker     boston marathon explosions     msft     bgp     ubuntu     google     snort     postgresql     anti virus  
site/port/ip search:

Announcement!

IPv6 Support Added

Our iptables client now supports submitting IPv6 firewall logs.

ISC Polllink arrow

What are your plans when XP is no longer supported?

Latest RR Paperslink arrow

Event Monitoring and Incident Response

Dead Linux Machines Do Tell Tales

Setting Up a Database Security Logging and Monitoring Program

Managing the Implementation of a BYOD Policy

Analysis of the building blocks and attack vectors associated with the Unified Extensible Firmware Interface (UEFI)

World Map

world map

Trends

trend graph

Security News Feeds

InternetStormCenter
SANS Newsbites
SANS @Risk

Diary Archives

UDP port 1434 directed attack to AS13489 IP ranges - by: Manuel Humberto Santander Pelaez (2013-05-24)

MoVP II - by: Adrien de Beaupre (2013-05-23)

Privilege escalation, why should I care? - by: Adrien de Beaupre (2013-05-22)

View Diary Archives

Search Diaries:

SANS Institute

View our Privacy Policy

Contact Us

Phone: (757) SANS-ISC (726-7472) - Voice Mail Only
Web Contact: handlers@isc.sans.edu
Report Bugs: Sourceforge Project
Debug Info: Browser Debug Info

"The experiences gained in the SANS Technology Institute program have helped me advance in IBM, taking a more public facing role."
- Jerome Radcliffe, SANS Technology Institute Student

"SANS is a 'giving back to the community factory.' SANS encourages and fosters growing security awareness and growing the security community."
- Rob VandenBrink, Alumni of SANS Technology Institute