[TriLUG] Some Interesting Vulnerabilities up on /.'s discussion pages
Scott Chilcote
scottchilcote at earthlink.net
Sat Jan 25 16:52:52 EST 2003
Jon Carnes wrote:
> http://slashdot.org
>
> There is a new internet worm attacking MS-SQL (UDP on port 1434), and a
> nice webserver vulnerability built in to all webservers because of an
> errant RFC (Cross-site-TRACE).
My DSL Router (Earthlink Static IP) has gotten about 150 hits on port
1434 since 5:09 AM. The attempts started slowing down a lot around 6
AM, but have held steady at around fifteen an hour since then. Most
recent was eight minutes ago.
There have been at least as many attempts on UDP port 137 (netbios name
service) since around 7 AM. It isn't mentioned in the article but it
appears to be related. The associated IP addresses don't show a
pattern, but they may be artificial.
I wonder if they'll manage to track this one down.
--
Scott C.
More information about the TriLUG
mailing list