Port Details - Port 1434

Jan 10 667 Jan 11 747 Jan 12 786 Jan 13 797 Jan 14 809 Jan 15 696 Jan 16 684 Jan 17 819 Jan 18 793 Jan 19 771 Jan 20 758 Jan 21 690 Jan 22 636 Jan 23 561 Jan 24 580 Jan 25 686 Jan 26 732 Jan 27 651 Jan 28 631 Jan 29 668 Jan 30 700 Jan 31 768 Feb 01 721 Feb 02 579 Feb 03 566 Feb 04 609 Feb 05 511 Feb 06 505 Feb 07 498 Feb 08 550 Feb 09 372 Jan 10 77,442 Jan 11 84,228 Jan 12 100,198 Jan 13 76,940 Jan 14 77,124 Jan 15 76,906 Jan 16 77,342 Jan 17 77,553 Jan 18 77,362 Jan 19 76,792 Jan 20 77,388 Jan 21 81,235 Jan 22 76,226 Jan 23 76,225 Jan 24 76,193 Jan 25 74,975 Jan 26 75,794 Jan 27 73,940 Jan 28 75,646 Jan 29 81,857 Jan 30 83,255 Jan 31 80,818 Feb 01 75,376 Feb 02 75,194 Feb 03 74,785 Feb 04 74,963 Feb 05 73,381 Feb 06 75,875 Feb 07 75,625 Feb 08 71,790 Feb 09 54,004
[show ascii data]
  • Start Date:
  • End Date:
  • Port:
  • Left Graph:
  • Right Graph:
  • Show Range:Yes No

Port Information

ProtocolServiceName
tcpms-sql-mMicrosoft-SQL-Monitor
udpms-sql-mMicrosoft-SQL-Monitor
udpms-sql-mSQL Slammer / Sapphire worm
[get complete service list]

User Comment

Submitted ByDate
Comment
Stephen Kawamoto2009-10-04 18:45:22
I looked over eeye.com's reverse engineering of the worm that did the SQL Slammer (given the name, "Sapphire Worm") on Jan. 25, and it's elegant, not quick and dirty. Reference: http://www.eeye.com/html/Research/Flash/sapphire.txt
Marcus H. Sachs, SANS Institute2003-10-10 00:35:20
SANS Top-20 Entry: W2 Microsoft SQL Server (MSSQL) http://isc.sans.org/top20.html#w2 The Microsoft SQL Server (MSSQL) contains several serious vulnerabilities that allow remote attackers to obtain sensitive information, alter database content, compromise SQL servers, and, in some configurations, compromise server hosts. MSSQL vulnerabilities are well-publicized and actively under attack. Two recent MSSQL worms in May 2002 and January 2003 exploited several known MSSQL flaws. Hosts compromised by these worms generate a damaging level of network traffic when they scan for other vulnerable hosts.
Johannes Ullrich2003-01-26 22:05:40
This port is used by the SQL Slammer or Sapphire worm. See 'analysis' section on homepage. Worm started at 12:30 AM January 25th. It is targeting MS-SQL servers on port 1434 (UDP).
David Berg2003-01-25 20:33:56
Observed 30 probes in 30 minutes from 30 sources -- all source port 69 to destination 1434 UDP. Probes continuing as I write this at the same pace. First probe at 21:35 Pacific time.
Add a comment

CVE Links

CVE #Description
CVE-2002-649 "Multiple buffer overflows in the Resolution Service for Microsoft SQL Server 2000 and Microsoft Desktop Engine 2000 (MSDE) allow remote attackers to cause a denial of service or execute arbitrary code via UDP packets to port 1434 in which (1) a 0x04 byte that causes the SQL Monitor thread to generate a long registry key name