Thursday, March 20, 2014

SQL Slammer Worm / Sapphire Worm


What is SQL Slammer?

  SQL Slammer is the fastest worm in the world. It is named SQL Slammer, but it did not use the SQL language at all. The worm exploited some vulnerabilities in Microsoft's flagship SQL Server. SQL Slammer first appeared on 25-1-2003. As mentioned above, it is the fastest worm: most of its victims were infected within ten minutes. In 2003 in Hong Kong, the worm caused ATMs and some Internet services to go down.

How does SQL Slammer infect?

  SQL Slammer sends a UDP packet to port 1434 of a random target. Once the worm has infected your system, it sends traffic to random IP addresses, both to try to infect them and to DDoS them so that Internet service goes down. According to the record, the traffic is up to 50Mb/s after infection.
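
A defender-side sketch of the behaviour described above, added here as an example and not taken from the original post: it flags hosts whose UDP traffic to port 1434 fans out to many distinct addresses within a short window. The flow-record format, the window, the threshold and the sample addresses are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

SLAMMER_PORT = 1434      # UDP port named in the post
WINDOW_SECONDS = 1.0     # assumed sliding window
FANOUT_THRESHOLD = 5     # assumed: distinct destinations per window that counts as scanning

# Constructed sample flow records: "epoch_seconds proto src_ip dst_ip dst_port"
SAMPLE_FLOWS = """\
100.00 udp 192.0.2.20 198.51.100.5 1434
100.05 udp 192.0.2.10 203.0.113.7 1434
100.10 udp 192.0.2.10 198.51.100.99 1434
100.15 udp 192.0.2.10 203.0.113.201 1434
100.20 udp 192.0.2.20 198.51.100.5 1434
100.25 udp 192.0.2.10 198.51.100.14 1434
100.30 udp 192.0.2.10 203.0.113.66 1434
100.35 udp 192.0.2.10 198.51.100.180 1434
100.40 udp 192.0.2.30 198.51.100.53 53
100.45 tcp 192.0.2.30 198.51.100.5 1434
"""

def find_scanners(lines, port=SLAMMER_PORT, window=WINDOW_SECONDS,
                  threshold=FANOUT_THRESHOLD):
    """Return {src_ip: peak distinct destinations in one window} for flagged sources.

    Records are assumed to be sorted by timestamp.
    """
    recent = defaultdict(deque)   # src -> (timestamp, dst) pairs still inside the window
    peak = defaultdict(int)       # src -> largest fan-out seen so far
    for line in lines:
        fields = line.split()
        if len(fields) != 5:
            continue              # skip blank or malformed records
        ts, proto, src, dst, dport = fields
        if proto.lower() != "udp" or int(dport) != port:
            continue              # only UDP to the watched port is of interest
        ts = float(ts)
        q = recent[src]
        q.append((ts, dst))
        while q and ts - q[0][0] > window:
            q.popleft()           # drop records older than the window
        peak[src] = max(peak[src], len({d for _, d in q}))
    return {src: n for src, n in peak.items() if n >= threshold}

if __name__ == "__main__":
    for src, n in find_scanners(SAMPLE_FLOWS.splitlines()).items():
        print(f"{src}: {n} distinct UDP/{SLAMMER_PORT} destinations within {WINDOW_SECONDS}s")
```

A client that repeatedly queries one known SQL Server on UDP 1434 stays below the threshold, while the random fan-out of an infected host is flagged.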

Solution?

  Michael Bacarella was the first person to alert the general public: on 25-1-2003 he posted a message, "MS SQL WORM IS DESTROYING INTERNET BLOCK PORT 1434!". Microsoft released the fix on 31-1-2003 to end this worm.

This is the infected area 30 minutes after the worm was released.





