ATLAS Service Report: Global UDP/1434 (ms-sql-m)

Service Report

Global UDP/1434 (ms-sql-m)

View:
Attacks
Sources

Output:
Print
XML
CSV

Top Attacks (past 24 hours)

Description	Attacks per subnet	Change from yesterday	CVE	Percentage
Microsoft SQL Server version buffer overflow attempt	250.76	-16.0 %	CVE-2002-0649	100.0%
ping attempt	0.11	+2350.4 %		0.0%
EXPLOIT MS-SQL DOS bouncing packets	0.00	+100.0 %		0.0%
Other	0.00	N/A		0.0%

Sources (past 24 hours)

By Country

Country	Bytes per subnet	Percentage
CN (China)	402.71 kB	95.8%
JP (Japan)	7.19 kB	1.7%
IN (India)	2.61 kB	0.6%
BG (Bulgaria)	2.49 kB	0.6%
BR (Brazil)	2.40 kB	0.6%
US (United States)	1.92 kB	0.5%
AR (Argentina)	406.51 B	0.1%
ES (Spain)	282.28 B	0.1%
TW (Taiwan)	82.35 B	0.0%
NL (Netherlands)	46.50 B	0.0%
Other	103.60 B	0.0%

By ASN

ASN	Bytes per subnet	Percentage
AS4134 (CHINANET-BACKBONE)	267.81 kB	63.7%
AS4837 (CHINA169-BACKBONE)	71.55 kB	17.0%
AS17431 (TONET)	48.19 kB	11.5%
AS24444 (CMNET-V4SHANDONG-AS-AP)	9.05 kB	2.2%
AS4812 (CHINANET-SH-AP)	5.57 kB	1.3%
AS2527 (SO-NET)	3.09 kB	0.7%
AS17447 (NET4INDIA)	2.57 kB	0.6%
AS14463 (TDKOM)	2.38 kB	0.6%
AS4713 (OCN)	2.36 kB	0.6%
AS42081 (SPEEDY-NET-AS)	2.20 kB	0.5%
Other	5.45 kB	1.3%

By Host

Host	Bytes per subnet	Percentage
61.134.56.18	50.45 kB	12.0%
202.99.11.99	48.19 kB	11.5%
218.75.199.50	47.29 kB	11.3%
61.153.50.237	45.90 kB	10.9%
58.20.154.23	42.81 kB	10.2%
61.132.223.14	37.54 kB	8.9%
218.64.237.219 (219.237.64.218.broad.yt.jx.dynamic.163data.com.cn)	29.35 kB	7.0%
124.165.225.109	27.19 kB	6.5%
222.82.249.235	18.65 kB	4.4%
59.173.0.149	11.45 kB	2.7%
Other	61.42 kB	14.6%

By Country

Country	Attacks per subnet	Percentage
CN (China)	231.04	92.1%
US (United States)	4.27	1.7%
JP (Japan)	4.03	1.6%
IN (India)	2.40	1.0%
BR (Brazil)	1.76	0.7%
BG (Bulgaria)	1.37	0.5%
AR (Argentina)	0.91	0.4%
DE (Germany)	0.62	0.2%
PL (Poland)	0.53	0.2%
ES (Spain)	0.43	0.2%
Other	3.51	1.4%

By ASN

ASN	Attacks per subnet	Percentage
AS4134 (CHINANET-BACKBONE)	153.83	61.3%
AS4837 (CHINA169-BACKBONE)	40.25	16.0%
AS17431 (TONET)	26.22	10.5%
AS24444 (CMNET-V4SHANDONG-AS-AP)	5.31	2.1%
AS4812 (CHINANET-SH-AP)	4.22	1.7%
AS4713 (OCN)	2.33	0.9%
AS17447 (NET4INDIA)	1.92	0.8%
AS42081 (SPEEDY-NET-AS)	1.27	0.5%
AS14463 (TDKOM)	1.24	0.5%
AS2510 (INFOWEB)	0.74	0.3%
Other	13.52	5.4%

By Host

Host	Attacks per subnet	Percentage
61.134.56.18	27.83	11.1%
202.99.11.99	26.22	10.5%
218.75.199.50	25.98	10.4%
61.153.50.237	25.68	10.2%
58.20.154.23	23.72	9.5%
61.132.223.14	20.71	8.3%
218.64.237.219 (219.237.64.218.broad.yt.jx.dynamic.163data.com.cn)	16.34	6.5%
124.165.225.109	15.08	6.0%
222.82.249.235	10.39	4.1%
59.173.0.149	6.22	2.5%
Other	52.68	21.0%

Background

Description:	Microsoft-SQL-Monitor
Vendors:	Microsoft

Vulnerabilities

CVE-2002-0649

Age: 2172 days

Severity: High

CVSS Score: 7.5

Multiple buffer overflows in the Resolution Service for Microsoft SQL Server 2000 and Microsoft Desktop Engine 2000 (MSDE) allow remote attackers to cause a denial of service or execute arbitrary code via UDP packets to port 1434 in which (1) a 0x04 byte that causes the SQL Monitor thread to generate a long registry key name, or (2) a 0x08 byte with a long string causes heap corruption, as exploited by the Slammer/Sapphire worm.