M5 Computer Security - SQL Slammer / Sapphire Worm Information

  Home

  Solutions

  Products
    Service Packages
    External Scanning Plus+
    Internal Scanning Plus+
    Security Assessment
    Third Party Services

  Testimonials

  How To Buy

  Contact Us

  Free Scans & Tools

  White Papers

  Security Glossary

  Security Report

  Global WHOIS

SQL Slammer Information Links

"...officials found that 96% of the successful attacks could have been prevented if users had followed protocols."

Source: Government Computer News, 28 April 2001, http://www.gcn.com/vol1_no1/daily-updates/4028-1.html

Off-site information (Open in new windows)
Relevant Microsoft Articles
http://www.microsoft.com/technet/security/virus/alerts/slammer.asp
http://www.microsoft.com/technet/security/bulletin/MS02-039.asp
http://www.microsoft.com/technet/security/bulletin/MS02-056.asp
http://www.microsoft.com/technet/security/bulletin/MS02-061.asp

MS-SQL Patch:
http://www.microsoft.com/technet/security/bulletin/MS02-039.asp

MS-SQL Serivce Pack 3:
http://www.microsoft.com/sql/downloads/2000/sp3.asp

Cisco IOS commands to deny ports 1433/udp and 1434/udp
http://www.cisco.com/warp/public/707/cisco-sn-20030125-worm.shtml

Eeye Security's Free Slammer Scanner
(does *not* find infected hosts)
http://www.eeye.com/html/Research/Tools/SapphireSQL.html

Latest discussion of the Worm on BugTraq
http://online.securityfocus.com/archive/1

CERT Advisory:
http://www.cert.org/advisories/CA-2003-04.html

Litchfield MS-SQL UDP Advisory:
http://www.ngssoftware.com/advisories/mssql-udp.txt

Worm Code:
http://www.digitaloffense.net/worms/mssql_udp_worm/ http://www.eeye.com/html/Research/Flash/sapphire.txt

MS-SQL CERT Advisories:
http://www.kb.cert.org/vuls/id/370308 http://www.kb.cert.org/vuls/id/399260 http://www.kb.cert.org/vuls/id/484891 http://www.kb.cert.org/vuls/id/796313

Relevant MS-SQL Exploits:
http://www.nextgenss.com/advisories/mssql-udp.txt http://packetstormsecurity.org/0211-exploits/sql2.cpp