Hi all,

There appears to be a major DDoS attack going on since last night, which is causing some pretty significant problems on the Internet all over the globe. In terms of the Unidata feeds, we have been seeing some problems feeding from a few sites. The problem appears to be a worm that is hitting unpatched MS SQL server machines. Even NCEP is being hit, as we can see from the latest message from the SDM desk:

NCEP IS EXPERIENCING INTERNAL AND EXTERNAL WEB ACCESS PROBLEMS AND NCEP ACCESS TO SUITLAND WHERE MUCH OF THE SATELLITE PRODUCTS ORIGINATE A FOR OUR MODEL RUNS. SUPPORT PERSONNEL SAY THAT ANOTHER HOUR MAYBE NEEDED TO FULLY RECOVER THE COMMS SYSTEM...SORRY FOR THE DELAY...

I've attached below the first account of this attack from the Bugtraq list . . .

--Kevin

______________________________________________________________________
Kevin Tyle, Systems Administrator               **********************
Dept. of Earth & Atmospheric Sciences           ktyle@xxxxxxxxxxxxxxxx
University at Albany, ES-235                    518-442-4571 (voice)
1400 Washington Avenue                          518-442-5825 (fax)
Albany, NY 12222                                **********************
______________________________________________________________________

---------- Forwarded message ----------
Resent-Date: Sat, 25 Jan 2003 02:12:54 -0500
Resent-From: mbac@xxxxxxxxxxxx
Resent-To: bugtraq@xxxxxxxxxxxxxxxxx

I'm getting massive packet loss to various points on the globe.

I am seeing a lot of these in my tcpdump output on each host.

02:06:31.017088 150.140.142.17.3047 > 24.193.37.212.ms-sql-m: udp 376
02:06:31.017244 24.193.37.212 > 150.140.142.17: icmp: 24.193.37.212 udp port ms-sql-m unreachable [tos 0xc0

It looks like there's a worm affecting MS SQL Server which is pingflooding addresses at some random sequence.

All admins with access to routers should block port 1434 (ms-sql-m)!

Everyone running MS SQL Server shut it the hell down or make sure it can't access the internet proper!

I make no guarantees that this information is correct, test it out for yourself!

--
Michael Bacarella                  24/7 phone: 646 641-8662
Netgraft Corporation                   http://netgraft.com/
"unique technologies to empower your business"
Finger email address for public key.  Key fingerprint:
  C40C CB1E D2F6 7628 6308 F554  7A68 A5CF 0BD8 C055
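
One way to triage a capture like the one quoted in the forwarded message, as an added example that is not part of the original messages: it tallies, per source, the UDP datagrams sent to port 1434 (ms-sql-m) and how many distinct destinations each source reached. The line format comes from the two tcpdump lines in the post; the function name, the threshold, and every other sample line are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Old-style tcpdump UDP line, as quoted in the post:
#   HH:MM:SS.ffffff SRC.SPORT > DST.DPORT: udp LEN
UDP_RE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+) "
    r"(?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>[\w-]+) > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>[\w-]+): udp (?P<len>\d+)"
)
SQL_MONITOR_PORTS = {"ms-sql-m", "1434"}  # service name, or number with tcpdump -n

# First two lines are from the post; the rest are constructed sample data
# using documentation address ranges (name and number forms mixed on purpose).
SAMPLE = """\
02:06:31.017088 150.140.142.17.3047 > 24.193.37.212.ms-sql-m: udp 376
02:06:31.017244 24.193.37.212 > 150.140.142.17: icmp: 24.193.37.212 udp port ms-sql-m unreachable [tos 0xc0
02:06:31.020001 192.0.2.10.1033 > 198.51.100.1.ms-sql-m: udp 376
02:06:31.020050 192.0.2.10.1033 > 198.51.100.77.ms-sql-m: udp 376
02:06:31.020101 192.0.2.10.1033 > 203.0.113.5.1434: udp 376
02:06:31.020150 192.0.2.10.1033 > 203.0.113.200.ms-sql-m: udp 376
02:06:31.020199 192.0.2.10.1033 > 198.51.100.1.ms-sql-m: udp 376
02:06:31.030000 192.0.2.44.2000 > 198.51.100.9.4000: udp 20
""".splitlines()

def summarize(lines, min_targets=3):
    """Per-source summary of UDP traffic to port 1434.

    Only sources that hit at least min_targets distinct destinations are
    returned; non-UDP lines (such as the ICMP unreachable) are skipped.
    """
    packets = defaultdict(int)
    targets = defaultdict(set)
    sizes = defaultdict(set)
    for line in lines:
        m = UDP_RE.match(line.strip())
        if not m or m["dport"] not in SQL_MONITOR_PORTS:
            continue
        src = m["src"]
        packets[src] += 1
        targets[src].add(m["dst"])
        sizes[src].add(int(m["len"]))
    return {
        src: {"packets": packets[src], "targets": len(targets[src]),
              "sizes": sorted(sizes[src])}
        for src in packets if len(targets[src]) >= min_targets
    }

if __name__ == "__main__":
    for src, info in summarize(SAMPLE).items():
        print(src, info)
```

Sources surfaced this way are candidates for isolation and patching, alongside the port 1434 filtering the post calls for.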