More Problems Associated with Slammer Worm
Posted by: TotalRecall
Security companies Inca and Hauri have announced the discovery of an underlying cause of the problems experienced by the recent Slammer worm:
According to both companies, the factors were not just the Worm.SQL.Slammer, which exploits the vulnerability of SQL server, but also the net traffic overload caused by the LAN environment protocols.
Under a general LAN environment, when the SQL server gets infected by the Slammer worm, it randomly sends out packets to a massive number of random IP addresses. After being received by other computers that are connected to the same hub as the SQL server, the packets go through a series of processes and cause transmission of a large number of Reverse Name Resolution query packets (port 53) to the DNS server. As a result, all the computers that are connected to the SQL server produce an effect similar to a DDoS attack on the DNS server, and the upper-level DNS servers of ISPs crash because they can no longer handle the overload of requests for the Reverse Name Resolution service.
So the actual cause of the DNS server going down is not the overload by communications between SQL servers, as widely known, but in fact the DNS query activities by other PCs on the same network as the SQL server. In fact, according to the Reuters News Agency, as many as five of the 13 Internet root name servers have been downed because of the outbreak.
Read more.
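One way to spot the reverse-lookup surge the post describes from the resolver side, as an added example that is not part of the original post: it scans DNS query log lines and flags clients that request many distinct `in-addr.arpa` PTR names within a short window. The BIND-style log format, the function names, the thresholds and the sample lines are assumptions constructed for the illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# BIND-style query log line (format assumed for this example).
LINE_RE = re.compile(
    r"^(?P<ts>\d{2}-\w{3}-\d{4} \d{2}:\d{2}:\d{2})\.\d+ .*?"
    r"client (?P<client>[\d.]+)#\d+.*?query: (?P<qname>\S+) IN (?P<qtype>\S+)"
)

def ptr_storm_clients(lines, window_s=10, min_distinct=5):
    """Return {client: peak count} for clients that requested at least
    min_distinct different in-addr.arpa PTR names within window_s seconds."""
    seen = defaultdict(list)  # client -> [(timestamp, qname), ...]
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["qtype"] != "PTR":
            continue
        qname = m["qname"].lower().rstrip(".")
        if not qname.endswith(".in-addr.arpa"):
            continue
        ts = datetime.strptime(m["ts"], "%d-%b-%Y %H:%M:%S")
        seen[m["client"]].append((ts, qname))
    flagged = {}
    for client, events in seen.items():
        events.sort()
        start, peak = 0, 0
        for end in range(len(events)):
            # Shrink the window until it spans at most window_s seconds.
            while (events[end][0] - events[start][0]).total_seconds() > window_s:
                start += 1
            peak = max(peak, len({q for _, q in events[start:end + 1]}))
        if peak >= min_distinct:
            flagged[client] = peak
    return flagged

def sample_log():
    """Constructed sample: one workstation bursts PTR lookups, one behaves normally."""
    fmt = "25-Jan-2003 05:31:{:02d}.000 client {}#{}: query: {} IN {} + (192.0.2.53)"
    lines = [fmt.format(i, "192.0.2.21", 1024 + i, f"{i}.113.0.203.in-addr.arpa", "PTR")
             for i in range(8)]
    lines.append(fmt.format(3, "192.0.2.22", 2000, "www.example.com", "A"))
    lines.append(fmt.format(4, "192.0.2.22", 2001, "7.2.0.192.in-addr.arpa", "PTR"))
    lines.append("malformed line that the parser must skip")
    return lines

if __name__ == "__main__":
    print(ptr_storm_clients(sample_log()))
```

Counting distinct names rather than raw queries keeps a host that retries the same lookup from being flagged.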