Discussion in 'Trojan Defence Suite' started by TDStest, Jan 25, 2003.
Is the TDS site down? What's the URL?
Can't get it here in the UK - wonder if it's to do with the DoS attack on Australia's main ISP?
See for example this thread about what is going on on the internet right now:
I had read posts earlier about Port 1434 being hit but took no notice until I saw about attack on Aust main ISP.
I am still fine, but I also cannot connect to DiamondCS, and then I checked my logs. Holy smokes, Batman, I was slammed from pillar to post with 1434 hits. My firewall log is a mile long.
Check out the source IPs, ALL different.
Thank god for FWs.
Hmm, I'm just wondering why you are thankful for firewalls? In this case, the worm is trying to probe UDP port 1434. Almost all home users don't have a SQL server running, so nothing is listening on that port and the probe is harmless.
Whether you have a firewall or not is irrelevant, except that you can get panicky when you see so many hits.
Anyway, www.diamondcs.com.au still or again works.
Not running the MS SQL server myself, so no hits, but those who would like to see the packets, with the FW fully up of course, can go to TDS > Network > TCP Port Listen, listen on 1434, and you might like to allow it as a server if you really like. Anyway, you see packets coming in and no harm.
Port Explorer socket spy can be looked at too.
How would you use socket spy to monitor that port if you don't have a program or service using it? Do you mean to use socket spy to monitor TDS: TCP Port Listen?
Jooske, Here is a snapshot of the hits on WallWatcher yesterday between 1000 & 2400: PC was off before 1000 for some maintenance - WallWatcher sees what the router is seeing.
Think I caught the tail end of the main spread.
The green line is 1434 & the red is 137.
The TCP Port Listen can emulate a server, so you listen, packets are sent and can't harm as you don't have the real server. But with PE you can only look at packets if there are real processes; I doubt if you would get more than via the TCP Port Listen.
People with the SQL server had better first take measures like patching and blocking ports etc.