Is the TDS site down?

Discussion in 'Trojan Defence Suite' started by TDStest, Jan 25, 2003.

Thread Status:
Not open for further replies.
  1. TDStest

    TDStest Guest

    IS TDS site down? What's the url?
     
    TDStest, Jan 25, 2003
    #1
  2. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    :mad: Can't get it here in the UK - Wonder if it's to do with the DOS attack on Australia's main ISP?
     
    Pilli, Jan 25, 2003
    #2
  3. FanJ

    FanJ Guest

    See for example this thread about what is going on on the internet right now:

    http://www.wilderssecurity.com/showthread.php?t=6651
     
    FanJ, Jan 25, 2003
    #3
  4. Tassie_Devils

    Tassie_Devils Global Moderator

    Joined:
    May 8, 2002
    Posts:
    2,514
    Location:
    State Queensland, Australia
    I had read posts earlier about Port 1434 being hit but took no notice until I saw about attack on Aust main ISP.

    I am still fine, but I also cannot connect to DiamondCS and then I checked my logs. holy smokes batman I was slammed from pillar to post with 1434 hits. My firewall log is a mile long.

    check out the source IP's, ALL different.

    thank god for FW's.
     

    Attached Files:

    Tassie_Devils, Jan 25, 2003
    #4
  5. JayK

    JayK Poster

    Joined:
    Dec 27, 2002
    Posts:
    619
    Hmm, I'm just wondering why are you thankful for firewalls? In this case, the worm is trying to probe UDP port 1434. almost all homeusers don't have a SQL server running so nothing is listening on that port and the probe is harmless.

    Whether you have a firewall or not is irrelevant except that you can get panicky when you see so many hits :)
     
    JayK, Jan 25, 2003
    #5
  6. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Anyway, www.diamondcs.com.au still or again works.

    Not running the MS SQL server myself no hits, but those who like to see the packets with FW fully up of course in TDS > Network > TCP Port Listen , listen on 1434 and you might like to allow it as a server if you really like. Anyway, see packets coming in and not harm.
    Port Explorer socket spy can be looked at too.
     
    Jooske, Jan 25, 2003
    #6
  7. Loki

    Loki Registered Member

    Joined:
    May 26, 2002
    Posts:
    193
    Location:
    Lake Worth, Florida, USA
    Hi Jooske,

    How would you use socket spy to monitor that port if you don't have a program or service using it? Do you mean to use socket spy to monitor TDS: TCP Port Listen ?

    Loki o_O
     
    Loki, Jan 25, 2003
    #7
  8. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Jooske, Here is a snapshot of the hits on WallWatcher yesterday between 1000 & 2400: PC was off before 1000 for some maintenance - WallWatcher sees what the router is seeing.
    Think I caught the tail end of the main spread.
    The green line is 1434 & the red is 137 :D
     

    Attached Files:

    Pilli, Jan 26, 2003
    #8
  9. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    The TCP Port Listen can emulate a server, so you listen, packet send and can't harm as you don't have the real server. But with PE you can only look at packets if there are real processes, i doubt if you would get more then via the TCP Port Listen.
    People with the sql server better first take measures like patching and blocking ports etc.
     
    Jooske, Jan 26, 2003
    #9
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...