From: "Joe Barr" 


From /. this morning
MS SQL Server Worm Wreaking Havoc
MicrosoftPosted by pudge on Saturday January 25, {at}07:43AM from the
no-man-will-know-the-day-or-the-hour dept. defile writes "Since about
midnight EST almost every host on the internet has been receiving a 376
byte UDP payload on port ms-sql-m (1434) from a random infected server.
Reports of some hosts receiving 10 per minute or more. internetpulse.net is
reporting UUNet and Internap are being hit very hard. This is the cause of
major connectivity problems being experienced worldwide. It is believed
this worm leverages a vulnerability published in June 2002. Several core
routers have taken to blocking port 1434 outright. If you run Microsoft SQL
Server, make sure the public internet can't access it. If you manage a
gateway, consider dropping UDP packets sent to port 1434." bani adds
"This has effectively disabled 5 of the 13 root nameservers."

--

--- BBBS/NT v4.01 Flag-4