Paul Stewart said:
> Sorry to post this back to this list but I just spent 5 long hours at work
> because of outages relating to this... All of the machines (happy to say)
> were Winbloze 2000 boxes and now that you mention it they all have MSSQL
> on them..
>
> Thnx for making this noticed on the list.. I've been searching for half an
> hour to find what is attacking and where... Does this attack
> compromise the host and/or use it to launch another attack do we know?
>
> Thanks and sorry to post to this list... Just a lot of help..

I recommend you subscribe to a general security mailing list. Unless you weren't paying attention to the net. I think the attack was brilliant, made Code Red look like a normal ping flood. and they picked Friday night when most people go home for the weekend :)

I found out about it at around 12:15AM this morning by a post on bugtraq[1]. checking my firewall logs[2] confirmed it.

I subscribe to bugtraq, vulndev, and fulldisclosure mailing lists. not that I have any win32 systems, so I wasn't affected.

nate

[1] http://online.securityfocus.com/archive/1/308306/2003-01-22/2003-01-28/0
[2] http://portal.aphroland.org/~aphro/mssql.log