Widespread Worm Penetration Slows Internet
Since Midnight, January 24th EST Internet hosts have been under attack
Hosts attacked with 376 byte UDP payload aimed at Port 1434 (MS SQL)
Some hosts are receiving 10 per minute
UUNet has been hit the hardest with latencies in the critical range of greater than 200ms
Disabled 5 of the 13 root servers
Believed to use MS SQL vulnerability published in June 2002
CERT Advisory CA-2003-04 (MS-SQL Server Worm)
Queries Port 1434 to see if NetBios (139/445) or sockets (1433)
Uses Buffer Overflow to overwrite saved return address or other memory location
Once installed in compromised system, worm sends 1434 probes to find other hosts
Recommended actions
If you run an MS SQL server, pull it off the public net.
If you manage a gateway, consider dropping all UDP packets sent to port 1434
Install the latest MS SQL Server patches
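Added example (not part of the original notes): a log triage that applies the gateway rule above and uses the 376-byte UDP/1434 probe size to separate internal hosts that are spreading the worm from internal hosts being probed from outside. The record format, the 10.0.0.0/24 internal range and the fan-out threshold are assumptions, and the sample records are constructed.

```python
import ipaddress
from collections import defaultdict

SQL_UDP_PORT = 1434   # port named in the notes
PROBE_LEN = 376       # UDP payload size named in the notes
FANOUT = 3            # assumed threshold: distinct targets before a source counts as spreading
INTERNAL = ipaddress.ip_network("10.0.0.0/24")  # assumed internal range

# Constructed sample records: "epoch proto src_ip:sport dst_ip:dport payload_len"
SAMPLE_LOG = """\
1043470801 udp 10.0.0.15:1033 198.51.100.7:1434 376
1043470801 udp 10.0.0.15:1033 203.0.113.9:1434 376
1043470802 udp 10.0.0.15:1033 192.0.2.44:1434 376
1043470802 udp 192.0.2.80:4001 10.0.0.20:1434 376
1043470803 udp 10.0.0.31:1050 10.0.0.20:1434 24
1043470803 tcp 10.0.0.31:1051 10.0.0.20:1433 512
truncated line
"""

def parse(line):
    """Parse one record; return None for malformed lines instead of raising."""
    try:
        ts, proto, src, dst, length = line.split()
        sip, sport = src.rsplit(":", 1)
        dip, dport = dst.rsplit(":", 1)
        return {"proto": proto.lower(), "src": ipaddress.ip_address(sip),
                "dst": ipaddress.ip_address(dip), "dport": int(dport), "len": int(length)}
    except ValueError:
        return None

def should_drop(rec):
    """Gateway rule from the notes: drop every UDP packet sent to port 1434."""
    return rec["proto"] == "udp" and rec["dport"] == SQL_UDP_PORT

def triage(log_text):
    """Return (spreading internal sources, internal hosts probed from outside, packets dropped)."""
    targets, probed, dropped = defaultdict(set), set(), 0
    for rec in filter(None, map(parse, log_text.splitlines())):
        if not should_drop(rec):
            continue
        dropped += 1
        if rec["len"] != PROBE_LEN:
            continue  # UDP/1434 but not the 376-byte probe size: dropped, not attributed
        if rec["src"] in INTERNAL:
            targets[str(rec["src"])].add(rec["dst"])
        elif rec["dst"] in INTERNAL:
            probed.add(str(rec["dst"]))
    spreading = sorted(s for s, d in targets.items() if len(d) >= FANOUT)
    return spreading, sorted(probed), dropped
```

Sources in the first list are candidates to pull off the net and patch; hosts in the second list are MS SQL servers reachable from outside.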
Websites that can be used to track this event
Home Networking 101
Network Addressing
Internal versus External Addressing
DHCP Server and Proxy Server
Port Addressing
Well Known Ports and Methods of Attack
Port Filtering and Firewalls
Wired Access Devices
Wireless Access Devices
ZDNet Review: ABCs of 802.11
802.11b
Operates at 2.4 GHz and 10 Mbps
Also called Wi-Fi
Dominant device on shelves now
802.11g
Operates at 2.4 GHz and 55 Mbps
Emerging standard selected by Apple
802.11a
Operates in 5 GHz band and 55 Mbps
Devices on the shelves now, still pricey
802.11a/802.11b combo devices will probably win by end of 2003
Tips for network
Get a Combo Device (DHCP Server, Proxy Server, Firewall, AP)
Place wireless access point in middle of home
Use Home Phone Line Network if you have access problems in selected areas
Wireless Security Issues
Implement Wireless Encryption Protocol (WEP)
Implement IP Address Filtering (only allow your machines to connect)
Disable DHCP (added protection)
Select non-default internal IP address range (added protection)
But remember network can still be cracked
University of Maryland Students Use Text Messaging to Cheat
Twelve students are accused of using their cell phones to cheat
Use text messaging to receive answers from friends who had exam keys
Text messaging has also been used in class to send electronic notes
Students Fight for Cell Phones at James Logan High School
Cell phones used to be the domain of drug dealers
Now one-third of all teens have them
They were shown to be very useful in the Columbine incident
James Morgan High (Union City, CA) is now allowing them
Before and after school and at lunchtime
Not during breaks between classes or during class
May be a national trend
Tech Talk Note: Fairfax County has allowed cell phones for several months
Stratford News
B.S. in Business Administration (Finance, e-Business, or Management Focus)
B.S. in Information Technology (Security or Business Focus)
B.A. in Hospitality Management (Culinary or Hotel Focus)
Master of Science (E-Business or Telecommunication Systems)
Technology Course Concentrations
Security (CISSP, Wireless, Cisco, Industry Neutral)
Windows 2000
Cisco
Oracle
Database Driven Website Development