[LINK] The worm

David Boxall david.boxall@hunterlink.net.au
Sun, 09 Feb 2003 10:38:21 +1100

Woody Leonhard has more to say on Sapphire/SQL Slammer:
"Last week I ranted about Microsoft SQL Data Engine - MSDE - the 
slightly-stripped-down version of SQL Server that gets installed with 
all sorts of Microsoft and non-Microsoft products and custom 
applications, including many custom Access databases programs."
"There's ... a list of more than 100 custom Access applications that 
use MSDE at
The list includes many names you'll recognize, including Computer 
Associates, Trend Micro, Peachtree, Network Associates, PowerQuest, 
Dell, Microsoft and Great Plains, McAfee, Lyris, JD Edwards, HP, 
Veritas, Compaq, and Cisco."
"Sometime last week, Microsoft re-released its security bulletin
(http://www.microsoft.com/technet/security/bulletin/MS02-061.asp ) 
and mentioned that, oh golly, MSDE 1.0 is also vulnerable."
"I looked and couldn't find the MSDE 1.0 Slammer patch."
"Want to know how fast Slammer (a.k.a. Sapphire/SQL Slammer) 
"This worm required roughly 10 minutes to spread worldwide making it 
by far the fastest worm to date. In the early stages the worm was 
doubling in size every 8.5 seconds. At its peak, achieved 
approximately 3 minutes after it was released, Sapphire scanned the 
net at over 55 million IP addresses per second."

Nicholas Weaver and his team at UC Berkeley have a fascinating report 
on SQL Slammer at http://www.cs.berkeley.edu/~nweaver/sapphire/ ."
"To me, the real eye-opener was the extent to which MSDE has taken 
over so many desktops."

It's early days.

David Boxall                     |  The more I learn
david.boxall@hunterlink.net.au   |  The more I realise
                                 |  How little I know