Port Details - Port 1434

Aug 03 292 Aug 04 284 Aug 05 315 Aug 06 222 Aug 07 222 Aug 08 194 Aug 09 266 Aug 10 261 Aug 11 256 Aug 12 220 Aug 13 242 Aug 14 287 Aug 15 236 Aug 16 255 Aug 17 246 Aug 18 320 Aug 19 295 Aug 20 284 Aug 21 236 Aug 22 229 Aug 23 283 Aug 24 265 Aug 25 253 Aug 26 227 Aug 27 214 Aug 28 211 Aug 29 191 Aug 30 323 Aug 31 333 Sep 01 270 Sep 02 191 Aug 03 66,703 Aug 04 66,203 Aug 05 66,597 Aug 06 65,595 Aug 07 72,442 Aug 08 73,016 Aug 09 64,642 Aug 10 60,223 Aug 11 65,811 Aug 12 64,189 Aug 13 62,073 Aug 14 71,821 Aug 15 67,616 Aug 16 60,154 Aug 17 63,494 Aug 18 67,760 Aug 19 64,170 Aug 20 66,314 Aug 21 65,607 Aug 22 68,090 Aug 23 69,996 Aug 24 63,736 Aug 25 64,695 Aug 26 62,692 Aug 27 63,511 Aug 28 72,663 Aug 29 72,812 Aug 30 70,615 Aug 31 67,991 Sep 01 65,559 Sep 02 46,758
[show ascii data]
  • Start Date:
  • End Date:
  • Port:
  • Left Graph:
  • Right Graph:
  • Show Range:Yes No

Port Information

ProtocolServiceName
tcpms-sql-mMicrosoft-SQL-Monitor
udpms-sql-mMicrosoft-SQL-Monitor
udpms-sql-mSQL Slammer / Sapphire worm
[get complete service list]

User Comment

Submitted ByDate
Comment
Stephen Kawamoto2009-10-04 18:45:22
I looked over eeye.com's reverse engineering of the worm that did the SQL Slammer (given the name, "Sapphire Worm") on Jan. 25, and it's elegant, not quick and dirty. Reference: http://www.eeye.com/html/Research/Flash/sapphire.txt
Marcus H. Sachs, SANS Institute2003-10-10 00:35:20
SANS Top-20 Entry: W2 Microsoft SQL Server (MSSQL) http://isc.sans.org/top20.html#w2 The Microsoft SQL Server (MSSQL) contains several serious vulnerabilities that allow remote attackers to obtain sensitive information, alter database content, compromise SQL servers, and, in some configurations, compromise server hosts. MSSQL vulnerabilities are well-publicized and actively under attack. Two recent MSSQL worms in May 2002 and January 2003 exploited several known MSSQL flaws. Hosts compromised by these worms generate a damaging level of network traffic when they scan for other vulnerable hosts.
Johannes Ullrich2003-01-26 22:05:40
This port is used by the SQL Slammer or Sapphire worm. See 'analysis' section on homepage. Worm started at 12:30 AM January 25th. It is targeting MS-SQL servers on port 1434 (UDP).
David Berg2003-01-25 20:33:56
Observed 30 probes in 30 minutes from 30 sources -- all source port 69 to destination 1434 UDP. Probes continuing as I write this at the same pace. First probe at 21:35 Pacific time.
Add a comment

CVE Links

CVE #Description
CVE-2002-649 "Multiple buffer overflows in the Resolution Service for Microsoft SQL Server 2000 and Microsoft Desktop Engine 2000 (MSDE) allow remote attackers to cause a denial of service or execute arbitrary code via UDP packets to port 1434 in which (1) a 0x04 byte that causes the SQL Monitor thread to generate a long registry key name