110 likes | 278 Views
Impacts of slammer worm in Taiwan. The first message about the worm we got was at 12:00pm, Jan 25 . Some engineers of ISPs were call back to handle the unusual network traffic.
E N D
Impacts of slammer worm in Taiwan • The first message about the worm we got was at 12:00pm, Jan 25. Some engineers of ISPs were call back to handle the unusual network traffic. • In the afternoon, many online game were affected by the worm, users report they can not connect to their game servers. The network has been slowing down.
Impacts of slammer worm in Taiwan • At 10:00pm, Jan 25, we announced the news about this worm including methods to protect their SQL server. • At 11:30am, Jan 26, we published CA-2003-04 in Chinese. • Jan 26, most networks were getting back to normal, TANET (education network) were still down.
Impacts of slammer worm in Taiwan • Jan 27, we contacted to Microsoft Taiwan, and they provided a web page to describe the worm and hotfix in the afternoon. • Jan 27, TANET were getting back, but we found some routing is corrupted. • After Jan 28, all networks came back to normal. There were still a few attack packets shown on the network, but no more incident reported.
DNS Traffic Log • APOL
DNS Traffic Log • Hinet
DNS Traffic Log • TANET
DNS Traffic Log • SEEDNet
Analyze • The density and amount number of SQL server is much lower then IIS, situation of infection will not worse then CodeRed. • Packet size is larger, it means the packet number will less, and less effect on core routers. (CodeRed sends much more small packets)
Analyze • Victims infected by slammer will first against to their local network. And this also means easy to find. • ISPs established their response team after CodeRed, so they can control the situation rapidly, and limit the range of damage.