[TriLUG] Some Interesting Vulnerabilities up on /.'s discussion pages

Scott Chilcote scottchilcote at earthlink.net
Sat Jan 25 16:52:52 EST 2003


Jon Carnes wrote:
> http://slashdot.org
>  
> There is a new internet worm attacking MS-SQL (UDP on port 1434), and a 
> nice webserver vulnerability built in to all webservers because of an 
> errant RFC (Cross-site-TRACE).

My DSL Router (Earthlink Static IP) has gotten about 150 hits on port 
1434 since 5:09 AM.  The attempts started slowing down a lot around 6 
AM, but have held steady at around fifteen an hour since then.  Most 
recent was eight minutes ago.

There have been at least as many attempts on UDP port 137 (netbios name 
service) since around 7 AM.  It isn't mentioned in the article but it 
appears to be related.  The associated IP addresses don't show a 
pattern, but they may be artificial.

I wonder if they'll manage to track this one down.

--
Scott C.





More information about the TriLUG mailing list