Thursday, February 22, 2007

Did you know series?

Post what you know about security attacks or alarms that you would like to share with others:

Here's one: A fast scanning worm can affect more than half the Internet in 10 sec. The Slammer worm was not quite as fast but it was nearly there. Any ideas as to why?


Nishank said...

Well, Slammer successfully exploited the security weakness in MS SQL Server. Although a patch was released by Microsoft 6 months prior to the worm infection, sources at Microsoft say that a large number of computers did not install the patch.

I guess the reason it wasn't as fast as to infect half the internet is because it looked out for systems which had a copy of MS SQL Server 2000 or MSDE 2000 (both w/o the patch). This made home PCs and PCs with the patch immune to the attack.

Shobhit S Thapar said...

The Slammer virus affected SQL Server 2000 Evaluation Edition, SQL Server 2000 RTM, SQL Server 2000 SP1, SQL Server 2000 SP2 among others...

To add to what Nishank said, the W32.Slammer virus was a memory-resident worm that propagated via UDP port 1434 and exploited a vulnerability in SQL Server 2000 systems and systems with MSDE 2000.

The impact of the attack was DoS or denial of service...

Lakshminarayanan Subramanian said...

The reason why Slammer slowed down was that all the network links were getting congested. Hence, what was supposed to be a massive infection attack also turned out to be a DoS attack due to the sheer volume of traffic.
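
A small model of the congestion effect described in the comment above, added here as an illustration and not part of the original thread. The vulnerable-host count, per-host probe rate and link capacity are constructed values, not measurements of Slammer.

```python
# Added illustration: spread of a random-scanning worm with and without a
# shared bandwidth ceiling. All parameter values are constructed assumptions.

ADDRESS_SPACE = 2 ** 32  # IPv4 addresses a uniform random scanner picks from


def simulate(vulnerable, scans_per_host, link_cap=None, seconds=600, dt=1.0):
    """Return the infected-host count at each time step.

    vulnerable     -- hosts that can be infected (assumed)
    scans_per_host -- probes per second each infected host tries to send
    link_cap       -- total probes per second the network can deliver;
                      None means no congestion limit
    """
    infected = 1.0
    history = [infected]
    for _ in range(int(seconds / dt)):
        offered = infected * scans_per_host
        # Congested links drop everything above the ceiling.
        delivered = offered if link_cap is None else min(offered, link_cap)
        # Chance that one probe lands on a still-uninfected vulnerable host.
        hit_prob = (vulnerable - infected) / ADDRESS_SPACE
        infected = min(vulnerable, infected + delivered * hit_prob * dt)
        history.append(infected)
    return history


def time_to_fraction(history, vulnerable, fraction, dt=1.0):
    """First time in seconds the infected share reaches `fraction`, else None."""
    for step, count in enumerate(history):
        if count >= fraction * vulnerable:
            return step * dt
    return None


if __name__ == "__main__":
    V, RATE, CAP = 75_000, 4_000, 2_000_000  # constructed values
    free = simulate(V, RATE)
    capped = simulate(V, RATE, link_cap=CAP)
    for label, hist in (("no limit", free), ("congested", capped)):
        print(label, "half infected at:", time_to_fraction(hist, V, 0.5),
              "s; infected after 600 s:", round(hist[-1]))
```

Both runs are identical while the offered probe traffic fits under the ceiling; once the links saturate, growth in the congested run changes from exponential to a slow approach toward the vulnerable population.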

Anita said...

Morris Worm:

At that time, the Internet was still a closed system used by universities and the military for research purposes. Commands such as 'remote login,' 'remote shell' and 'remote copy' were commonly used and if you were logged into one machine, you could access another system; it wouldn't even ask you for a login password. There was a level of trust.
The first worm which quickly crippled a substantial portion of the Internet was released in 1988 by a student of Cornell University, Robert Morris.
Within hours, the worm overloaded around thousands of Unix and Solaris Microsystems.
Surprisingly it was part of a research project and was not designed to cause damage, but it was programmed to self-replicate. The program was designed to check for a copy of itself and shut down if there already was a copy running on that machine. But a programmer's error made that check fail, so multiple copies ended up on the same machine, and the number grew more quickly than Morris had ever imagined. Infected computers collapsed within minutes under the demands of hundreds of versions of the Worm, all demanding processor time. When Morris hit in 1988, academics would have lost some of their research.