Skip to content

Archives

deny udp any any eq 1434

it looks like the the latest internet worm is making the rounds, and this one’s a biggie. It’s been dubbed ‘SQLSlammer’, since it hammers on the Microsoft SQL ports, attempting to exploit yet another commonly-unpatched 7-month-old MS vulnerability. The best bit: it uses UDP broadcasts to do this, so the traffic load is massive compared to previous worms, so there’s lots and lots of backbone hosage as a result. Coverage:

Quick fix: update those router filters to deny all traffic, both UDP and TCP, on port 1434. (you shouldn’t need to update the firewall filters of course, because nobody’s stupid enough to allow access to open-internet MS SQL traffic, right? ;)