SQL Slammer Worm

On Friday, January 24th, 2003, Cyberverse started seeing a new worm probing around from random hosts on the 'net:
Time(PST)     SrcIPaddress    Port  DstIPaddress     Port  Type Bytes
                                                           
21:29:26.498  216.64.209.1    4352  209.151.248.221  1434  UDP  404
21:29:28.034  216.97.70.130   3119  209.151.240.203  1434  UDP  404
21:29:28.594  216.98.135.87   3334  209.151.238.74   1434  UDP  404
21:29:29.502  216.26.191.147  1806  209.151.250.126  1434  UDP  404       
21:29:31.022  216.131.94.31   1099  209.151.238.15   1434  UDP  404
21:29:31.474  216.26.191.147  1806  209.151.251.85   1434  UDP  404

It ramped up very quickly.

Discovering most vulnerable hosts across the 'net in something like 200 seconds.

Within 2 hours, we already have evidence of attacking hosts or networks getting shut down faster than new ones we being found.


-- Aaron Hopkins