Threat Level: Infocon green
DShield
phpbb and sql errors asp sqlserver odbc sql errors

Today´s Diary

If you have more information or corrections regarding our diary, please share.


UDP port 1434 directed attack to AS13489 IP ranges

Published: 2013-05-24,
Last Updated: 2013-05-24 20:50:51 UTC
by Manuel Humberto Santander Pelaez (Version: 1)

0 comment(s)

We have seen today a big rise of incoming packets of what appears to be a SQL Slammer attacks. Some of the detected packets are:

Suspect packet #1

 Malicious packet 2 Malicious packet 3

 

We have seen a sustained rate in many nodes  inside AS13489, AS27989 and ASXXXXX nodes of  about 25 Mbps. Some very old SQL servers have been compromised, but the Internet speed has been compromised and navigation it's very slow.

Have you seen something like this today on your AS? Let us know!

Manuel Humberto Santander Peláez
SANS Internet Storm Center - Handler
Twitter:@manuelsantander
Web:http://manuel.santander.name
e-mail: msantand at isc dot sans dot org

Keywords:
0 comment(s)
Top of page

If you have more information or corrections regarding our diary, please share.

Diary Archive

DateAuthorTitle
2013-05-24 Manuel Humberto Santander Pelaez UDP port 1434 directed attack to AS13489 IP ranges (0 Comments)
2013-05-23 Adrien de Beaupre MoVP II (1 Comments)
2013-05-22 Adrien de Beaupre Privilege escalation, why should I care? (14 Comments)
2013-05-21 Adrien de Beaupre Moore, Oklahoma tornado charitable organization scams, malware, and phishing (1 Comments)
2013-05-20 Guy Bruneau Safe - Tools, Tactics and Techniques (0 Comments)
2013-05-20 Johannes Ullrich Ubuntu Package available to submit firewall logs to DShield (3 Comments)
2013-05-19 Kevin Shortt Port 51616 - Got Packets? (1 Comments)
2013-05-17 Daniel Wesemann e-netprotections.su ? (3 Comments)
2013-05-17 Johannes Ullrich SSL: Another reason not to ignore IPv6 (3 Comments)
2013-05-16 Joel Esler Cisco TelePresence Supervisor MSE 8050 Denial of Service Vulnerability (1 Comments)
Folder Icon Complete Archive
Search Diaries:

Diary Tagslink arrow

  cloudflare     typo squatting     ubuntu     java vulnerability     enterprise certificate authority     memory forensics     patches     tornado     certutil     vulnerability     xss     perimeter     trojan     malware analysis     usbexe     anti virus     certificates     boston marathon explosions     oklahoma     black tuesday     java 7u21     boston marathon bombing     signature     firefox     vrt     notification     bcp 38     sourcefire     boston marathon scams     mt6d     ipv4     security intelligence     internet status     usbdoc     fantasia     back tuesday     dshield     protocol     plugins     passwords     adobe     apple     cyberterrorism     configuration     patch tuesday     ddos     google     spoofing     firewall     thunderbird     denial of service     snort     watering hole     movp ii     spamhaus     linux     mozilla     cnn     micorsoft     safe     bgp     61     charity     relays     malware containment     microsoft     postgresql     java security update     dos     psexec     port 51616     exploit     flash     0 day     scam     ipv6     security advisory     updates     chargen     rfc6724     msft     waco fertilizer plant explosion     advance notification     web app sec     fake tech calls     disaster     email     cve20120158     remnux     phishing     opendoc     ipv6 focus month     ie 8     patch     webserver     kernel     51616     javascript     hak5     rfc6555     blackhole     sysinternals     privilege escalation     preference     cisco     frequency hopping     happy eyeballs     phish     fake charities     malware     ssl     gov     cyberbunker     overview     apache     certificate     boston marathon     ios     java     packets     incident     volatility     got packets     tools     spam     outage  
site/port/ip search:

Announcement!

IPv6 Support Added

Our iptables client now supports submitting IPv6 firewall logs.

DSHIELD Polllink arrow

What are your plans when XP is no longer supported?

Latest RR Paperslink arrow

Event Monitoring and Incident Response

Dead Linux Machines Do Tell Tales

Setting Up a Database Security Logging and Monitoring Program

Managing the Implementation of a BYOD Policy

Analysis of the building blocks and attack vectors associated with the Unified Extensible Firmware Interface (UEFI)

World Map

world map

Trends

trend graph

Security News Feeds

InternetStormCenter
SANS Newsbites
SANS @Risk

Diary Archives

UDP port 1434 directed attack to AS13489 IP ranges - by: Manuel Humberto Santander Pelaez (2013-05-24)

MoVP II - by: Adrien de Beaupre (2013-05-23)

Privilege escalation, why should I care? - by: Adrien de Beaupre (2013-05-22)

View Diary Archives

Search Diaries:

SANS Institute

View our Privacy Policy

Contact Us

Phone: (757) SANS-ISC (726-7472) - Voice Mail Only
Web Contact: handlers@isc.sans.edu
Report Bugs: Sourceforge Project
Debug Info: Browser Debug Info

"The experiences gained in the SANS Technology Institute program have helped me advance in IBM, taking a more public facing role."
- Jerome Radcliffe, SANS Technology Institute Student

"SANS is a 'giving back to the community factory.' SANS encourages and fosters growing security awareness and growing the security community."
- Rob VandenBrink, Alumni of SANS Technology Institute