Impacts of Slammer worm in Taiwan
• The first message about the worm we got was at 12:00pm, Jan 25. Some ISP engineers were called back to handle the unusual network traffic.
• In the afternoon, many online games were affected by the worm; users reported they could not connect to their game servers. The network was slowing down.
• At 10:00pm, Jan 25, we announced the news about this worm, including methods to protect SQL servers.
• At 11:30am, Jan 26, we published CA-2003-04 in Chinese.
• Jan 26, most networks were getting back to normal; TANET (education network) was still down.
• Jan 27, we contacted Microsoft Taiwan, and in the afternoon they provided a web page describing the worm and the hotfix.
• Jan 27, TANET was coming back, but we found some routing was corrupted.
• After Jan 28, all networks came back to normal. There were still a few attack packets seen on the network, but no more incidents were reported.
DNS Traffic Log
• APOL
• Hinet
• TANET
• SEEDNet
Analysis
• The density and number of SQL servers are much lower than those of IIS, so the infection situation will not be worse than CodeRed.
• The packet size is larger, which means fewer packets and less effect on core routers. (CodeRed sends many more small packets.)
• Victims infected by Slammer first attack their local network, which also makes them easy to find.
• ISPs established their response teams after CodeRed, so they could control the situation rapidly and limit the range of damage.