Threat Level: Infocon green
Internet Storm Center
phpbb and sql errors asp sqlserver odbc sql errors

Today´s Diary

If you have more information or corrections regarding our diary, please share.



advertisement
Diary Advertisement
Use Discount Code SANSFIREISC10 when registering to get a 10% discount!!

UDP port 1434 directed attack to AS13489 IP ranges

Published: 2013-05-24,
Last Updated: 2013-05-24 23:08:16 UTC
by Manuel Humberto Santander Pelaez (Version: 1)

0 comment(s)

We have seen today a big rise of incoming packets of what appears to be a SQL Slammer attacks. Some of the detected packets are:

Suspect packet #1

 Malicious packet 2

Malicious packet 3

We have seen a sustained rate in many nodes  inside AS13489 and AS27989 nodes of  about 25 Mbps. Some very old SQL servers have been compromised, but the Internet speed has been compromised and navigation it's very slow.

Have you seen something like this today on your AS? Let us know!

Manuel Humberto Santander Peláez
SANS Internet Storm Center - Handler
Twitter:@manuelsantander
Web:http://manuel.santander.name
e-mail: msantand at isc dot sans dot org

Keywords:
0 comment(s)
Top of page

If you have more information or corrections regarding our diary, please share.

Diary Archive

DateAuthorTitle
2013-05-24 Manuel Humberto Santander Pelaez UDP port 1434 directed attack to AS13489 IP ranges (0 Comments)
2013-05-23 Adrien de Beaupre MoVP II (1 Comments)
2013-05-22 Adrien de Beaupre Privilege escalation, why should I care? (15 Comments)
2013-05-21 Adrien de Beaupre Moore, Oklahoma tornado charitable organization scams, malware, and phishing (1 Comments)
2013-05-20 Johannes Ullrich Ubuntu Package available to submit firewall logs to DShield (3 Comments)
2013-05-20 Guy Bruneau Safe - Tools, Tactics and Techniques (0 Comments)
2013-05-19 Kevin Shortt Port 51616 - Got Packets? (1 Comments)
2013-05-17 Daniel Wesemann e-netprotections.su ? (3 Comments)
2013-05-17 Johannes Ullrich SSL: Another reason not to ignore IPv6 (3 Comments)
2013-05-16 Joel Esler Cisco TelePresence Supervisor MSE 8050 Denial of Service Vulnerability (1 Comments)
Folder Icon Complete Archive
Search Diaries:

Diary Tagslink arrow

  incident     61     xss     phish     email     java     typo squatting     scam     firewall     java 7u21     malware containment     sourcefire     cisco     51616     exploit     trojan     ssl     malware analysis     firefox     boston marathon bombing     micorsoft     linux     advance notification     outage     perimeter     bcp 38     0 day     frequency hopping     protocol     psexec     gov     thunderbird     tornado     vrt     privilege escalation     enterprise certificate authority     notification     java vulnerability     apple     postgresql     patches     memory forensics     safe     patch tuesday     certificate     mt6d     flash     got packets     javascript     anti virus     cyberterrorism     oklahoma     webserver     google     ubuntu     movp ii     denial of service     fake charities     charity     apache     boston marathon scams     port 51616     msft     back tuesday     sysinternals     phishing     watering hole     certificates     updates     signature     black tuesday     mozilla     configuration     boston marathon     spam     tools     passwords     malware     vulnerability     packets     ie 8     kernel     chargen     boston marathon explosions     cloudflare     ios     plugins     fake tech calls     dshield     usbdoc     ipv6 focus month     web app sec     relays     waco fertilizer plant explosion     dos     java security update     overview     disaster     bgp     usbexe     blackhole     spamhaus     ddos     security intelligence     fantasia     security advisory     adobe     remnux     certutil     volatility     patch     hak5     internet status     opendoc     cnn     snort     cve20120158     ipv6     spoofing     cyberbunker     microsoft  
site/port/ip search:

Announcement!

IPv6 Support Added

Our iptables client now supports submitting IPv6 firewall logs.

ISC Polllink arrow

What are your plans when XP is no longer supported?

Latest RR Paperslink arrow

Event Monitoring and Incident Response

Dead Linux Machines Do Tell Tales

Setting Up a Database Security Logging and Monitoring Program

Managing the Implementation of a BYOD Policy

Analysis of the building blocks and attack vectors associated with the Unified Extensible Firmware Interface (UEFI)

World Map

world map

Trends

trend graph

Security News Feeds

InternetStormCenter
SANS Newsbites
SANS @Risk

Diary Archives

UDP port 1434 directed attack to AS13489 IP ranges - by: Manuel Humberto Santander Pelaez (2013-05-24)

MoVP II - by: Adrien de Beaupre (2013-05-23)

Privilege escalation, why should I care? - by: Adrien de Beaupre (2013-05-22)

View Diary Archives

Search Diaries:

SANS Institute

View our Privacy Policy

Contact Us

Phone: (757) SANS-ISC (726-7472) - Voice Mail Only
Web Contact: handlers@isc.sans.edu
Report Bugs: Sourceforge Project
Debug Info: Browser Debug Info

"The experiences gained in the SANS Technology Institute program have helped me advance in IBM, taking a more public facing role."
- Jerome Radcliffe, SANS Technology Institute Student

"SANS is a 'giving back to the community factory.' SANS encourages and fosters growing security awareness and growing the security community."
- Rob VandenBrink, Alumni of SANS Technology Institute