Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: InfoSec Handlers Diary Blog - Internet Storm Center Diary 2013-05-24 InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

UDP port 1434 directed attack to AS13489 IP ranges

Published: 2013-05-24
Last Updated: 2013-05-24 23:08:16 UTC
by Manuel Humberto Santander Pelaez (Version: 1)
0 comment(s)

We have seen today a big rise of incoming packets of what appears to be a SQL Slammer attacks. Some of the detected packets are:

Suspect packet #1

Malicious packet 2

Malicious packet 3

We have seen a sustained rate in many nodes  inside AS13489 and AS27989 nodes of  about 25 Mbps. Some very old SQL servers have been compromised, but the Internet speed has been compromised and navigation it's very slow.

Have you seen something like this today on your AS? Let us know!

Manuel Humberto Santander Peláez
SANS Internet Storm Center - Handler
Twitter:@manuelsantander
Web:http://manuel.santander.name
e-mail: msantand at isc dot sans dot org

Keywords:
0 comment(s)
Diary Archives