Sat Jan 25, 2003

The SQL Worm

Late last night Fiachra, my trusty linux workstation and blog-server, started getting hit by the Microsoft SQL Worm that’s been flooding Internet traffic in the past 18 hours. My log files are full of attempts to connect to UDP Port 1434. I don’t run MS SQL server, of course, but obviously enough servers do (and run with vulnerable versions) for it to propagate like crazy.

Fiachra was getting hit every few seconds—- and it’s just a regular workstation sitting on an office desk. I pity the admins who had to deal with a bank of routers lit up like Christmas trees. Here’s a picture of the worm’s effects on host reachability. Ouch. Nothing like a Distributed Denial of Service attack to remind us of the Fundamental Interconnectedness of All Things.