Worldwide attack on the network
It is being discussed on all the major server forums, such as
Here is what is being said about the incident:
taken from our hoster
WORLDWIDE Internet situation ----- what a day ----
In rotation, several lines (of hundreds of NOCs) have been taken down.
This morning we learned from several US NOCs that, because of an MS Windows bug (a bug in Microsoft's SQL Server), a great many Win2k servers located in the USA were taken offline because they were being used for DDoS attacks against other servers.
The situation seems almost worldwide, since these crackers are searching all over the world for these bugs so they can do as they please.
Since last night they have done nothing but disconnect line after line to limit the damage and the bandwidth usage
(some attacks reached 80m
HERE is the information sent to us by the NOCs:
We're currently having network issues, that we're aware of, seems some major backbones are having problems. We will update you once the issue has been resolved. Thanks for your patience. This problem is not isolated to atjeu dc1 or dc2 or dialtone or rack*, which are separate buildings and separate networks with completely separate providers. Customers were reporting in our help desk tickets that it seemed a good percentage of sites on the entire internet are having an issue too.
In fact you might notice a whole lot of Windows based servers on the internet having issues... there is some hack out for Windows servers that is a DDoS attacker - it must have been coordinated to start at the same time all over the place on most all Windows 2k servers... We only have one or two Windows servers at dc1 and they were removed quickly as the problem was about 80mbits of ping with an unidentifiable packet type (which we will probably be reading about shortly in security releases).
Anyway, DC1 wasn't down much for that reason and the problem was quickly rectified - If you have a Windows server at DC1 and you are still down... guess what.. you are looking at being down until someone out there finds and has a fix for this (which may include an OS reinstall) - we cannot put any of these Windows servers back online at this point.
DC2 is another story, we have many more Windows servers there... however we have got them all unplugged at this point, but DC2 is a shared data center and unfortunately other companies don't seem to be as fast as we are in responding to emergencies so there are still Windows servers data center wide belonging to many different companies that need to be removed. We will be "assisting" them in their removal whether they like it or not shortly if they don't respond. As soon as the last Windows machine is removed everything will be fine... unless you have a Windows machine in which case we really don't know when you will be able to be back online.
If you have a Windows server you need to start searching the internet and looking for a solution. Please keep in mind we cannot return all the calls that have come in so please don't expect us to. We will reply to all the tickets with this message to everyone... (as we write this more sysadmins are showing up at DC2 to kill their Windows servers... good).
... ok, all Windows servers have been removed, everything is once again fine... we all have some $&*#^ hacker getting his jollies somewhere to thank for this... If anyone comes across some tech writeups on this please let us know... we are currently calling all providers and having them put blocks on the ports these Windows servers are using... we have definitely confirmed this is a worldwide issue... as always we are giving 100% over here - you can inform your customers of the issue - with everyone looking someone is bound to find some info on this shortly... hope everyone has a better night than it has been so far
Today, 1/25/03, beginning at 12:30 EST, an MS-SQL worm began propagating
throughout the Internet. Because of this worm, there was latency
throughout our network, as well as the rest of the Internet.
In particular this worm utilizes UDP port 1434 on Microsoft SQL service to
spread itself. Once it has infected a machine, that machine begins
sending out packets to random destinations on the Internet, attempting to
spread itself further.
We have applied an access control list entry on our routers to block this
port. All customers who are using MS-SQL on the Windows platform must
immediately apply the SQL Service Pack 3 update. More detailed