Threat Level: green Handler on Duty: Russell Eubanks

SANS ISC: SQL Slammer activity - Internet Security | DShield SANS ISC InfoSec Forums


SQL Slammer activity
Has anyone else seen a large number of SQL Slammer attempts since the 28th? Using the ET emerging-sql.rules with Suricata, I've seen approx. 761,000 events since then. The printable payload looks indeed like it should, and it seems to be working its way through addresses in our space:

....................................................................................................B.........p.B.p.B........h...B.....1...P..5....P..Qh.dllhel32hkernQhounthickChGetTf.llQh32.dhws2_f.etQhsockf.toQhsend....B.E.P..P.E.P.E.P..P....B....=U..Qt.....B....1.QQP............Q.E.P.E.P..j.j.j...P.E.P.E.P........<a...E...@...........).......E.j..E.P1.Qf..x.Q.E.P.E.P....
lwhitworth

2 Posts
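The check described in the post above (confirming from the printable payload that the alerts really are Slammer, then seeing how many addresses each source touched) can be scripted over Suricata's eve.json output. This is an added example, not part of the thread; it assumes alert logging with payload-printable enabled, and the sample events and the helper names are constructed for illustration.

```python
import json

# Fragments taken from the printable payload quoted in the post: pieces of
# "kernel32.dll", "GetTickCount", "ws2_32.dll", "socket" and "sendto".
MARKERS = ("h.dllhel32hkernQhounthickChGetTf", "llQh32.dhws2_f",
           "etQhsockf", "toQhsend")

def is_slammer_alert(event):
    """True when an eve.json alert is UDP to port 1434 and carries every marker."""
    printable = event.get("payload_printable") or ""
    return (event.get("event_type") == "alert" and event.get("proto") == "UDP"
            and event.get("dest_port") == 1434
            and all(marker in printable for marker in MARKERS))

def summarize(eve_lines):
    """Count confirmed alerts and the distinct destinations each source touched."""
    confirmed, other_alerts, targets = 0, 0, {}
    for line in eve_lines:
        try:
            event = json.loads(line)
        except ValueError:
            continue  # skip truncated or non-JSON lines
        if not isinstance(event, dict) or event.get("event_type") != "alert":
            continue  # flow, dns, stats and other record types
        if is_slammer_alert(event):
            confirmed += 1
            targets.setdefault(event.get("src_ip"), set()).add(event.get("dest_ip"))
        else:
            other_alerts += 1  # an alert whose payload does not match: review by hand
    spread = {src: len(dsts) for src, dsts in targets.items()}
    return {"confirmed": confirmed, "other_alerts": other_alerts, "spread": spread}

# Constructed sample input (documentation address ranges, not real traffic).
SAMPLE_PAYLOAD = ("...." + "Qh.dllhel32hkernQhounthickChGetTf.llQh32.dhws2_f"
                  ".etQhsockf.toQhsend" + "....")

def make_alert(src, dst, port=1434, payload=SAMPLE_PAYLOAD):
    return json.dumps({"event_type": "alert", "proto": "UDP", "src_ip": src,
                       "dest_ip": dst, "dest_port": port, "payload_printable": payload})

SAMPLE_EVE = [
    make_alert("203.0.113.7", "192.0.2.10"), make_alert("203.0.113.7", "192.0.2.11"),
    make_alert("203.0.113.7", "192.0.2.11"), make_alert("198.51.100.9", "192.0.2.10"),
    make_alert("198.51.100.9", "192.0.2.12", payload="ping"),
    json.dumps({"event_type": "flow", "proto": "UDP"}), "{truncated",
]

if __name__ == "__main__":
    print(summarize(SAMPLE_EVE))
```

A high distinct-destination count for one source in `spread` is what a sweep through an address block looks like in the alert log.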
Yes, I'm seeing the same traffic (also starting on the 28th) against my perimeters as well... mostly sourced from IPs in China.
da1212

69 Posts
Cheers for confirming I wasn't alone in seeing this activity. Appreciated.
lwhitworth

2 Posts
