Psionics server down?
- Thread starter HellHound
- Start date
Dragongirl
First Post
There was an attack on the internet yesterday. Seems that it was taking advantage of something in "SQL Server". A lot of sites were very slow including ENWorld (for some people). I don't know if this was behind the problem, but it might have been.
NiTessine
Explorer
I've been having the same problem. Doesn't identify hostname, or something like that. 
I need my chat fix.
This is what I dug up on the server worm. From http://slashdot.org/article.pl?sid=03/01/25/1245206&mode=nested&tid=109:
"Since about midnight EST almost every host on the internet has been receiving a 376 byte UDP payload on port ms-sql-m (1434) from a random infected server. Reports of some hosts receiving 10 per minute or more. internetpulse.net is reporting UUNet and Internap are being hit very hard. This is the cause of major connectivity problems being experienced worldwide. It is believed this worm leverages a vulnerability published in June 2002. Several core routers have taken to blocking port 1434 outright. If you run Microsoft SQL Server, make sure the public internet can't access it. If you manage a gateway, consider dropping UDP packets sent to port 1434. This has effectively disabled 5 of the 13 root nameservers."
I need my chat fix.
This is what I dug up on the server worm. From http://slashdot.org/article.pl?sid=03/01/25/1245206&mode=nested&tid=109:
"Since about midnight EST almost every host on the internet has been receiving a 376 byte UDP payload on port ms-sql-m (1434) from a random infected server. Reports of some hosts receiving 10 per minute or more. internetpulse.net is reporting UUNet and Internap are being hit very hard. This is the cause of major connectivity problems being experienced worldwide. It is believed this worm leverages a vulnerability published in June 2002. Several core routers have taken to blocking port 1434 outright. If you run Microsoft SQL Server, make sure the public internet can't access it. If you manage a gateway, consider dropping UDP packets sent to port 1434. This has effectively disabled 5 of the 13 root nameservers."
reiella
Explorer
http://www.cnn.com/2003/TECH/internet/01/25/internet.attack/index.html
Currently it looks like the current 'burp' in service is actually from the provider's routers redistributing DNS information.
It -should- be up sometime today, baring further grumblings. It was accessable shortly this morning for a couple hours, at least until my dns decided to forget its IP (and I'm too lazy to ever bother to write down the quadret).
Currently it looks like the current 'burp' in service is actually from the provider's routers redistributing DNS information.
It -should- be up sometime today, baring further grumblings. It was accessable shortly this morning for a couple hours, at least until my dns decided to forget its IP (and I'm too lazy to ever bother to write down the quadret).
KingOfChaos
First Post
Looks like CyberWEB Hosting took the psionics.net server completely offline. If you go to http://www.psionics.net/ you will see that it loads the main CyberWEB Hosting website and not the Psionics.net site.
Fast Learner
First Post
Umbran said:
Yes, but yesterday's was the largest in the last 18 months.
Edited to add that is was a worm that attacked the SQL Server monitor port. A patch that blocked the flaw has been available from MS for 6 months, but it still amazes me how many admins don't keep their patches up.
Last edited:
Similar Threads
