lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <005001c2c4cd$19ba6160$e62d1c41@basement>
From: mattmurphy at kc.rr.com (Matthew Murphy)
Subject: Sapphire SQL Worm Analysis Complete

I've completed an analysis of the 'Sapphire' SQL worm targeting MS-SQL
servers.  Some have reported massive slowdowns.  An interesting part of this
worm results from its use of UDP.  Attacked hosts/networks may generate ICMP
Host/Port Unreachable messages in response to a Sapphire attack, amplifying
the attack's strength.  One other reason that this attack is worse for users
of home systems, etc. that don't run any servers, is because Sapphire sends
the entire 400 bytes or so in the initial packet, where scans from Code Red
and bretheren only prompted a 26 byte (or so) TCP SYN packet.

The full analysis is available at:
http://www.techie.hopto.org/sqlworm.html


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ