- Gold, 750 points or more
The worm signature is high volumes of User Datagram Protocol (UDP) traffic to port 1434. Affected customers experience high volumes of traffic from both internal and external systems. Symptoms on Cisco devices include (but are not limited to) high CPU and traffic drops on the input interfaces.
Transmission Control Protocol (TCP) port 1433 and UDP port 1434 are used for Structured Query Language (SQL)server traffic. A new worm targets UDP port 1434. This worm attempts to exploit the buffer overflow vulnerability in Microsoft's SQL Server.
For more information, refer to these documents:
- For Microsoft's security advisory on this issue, refer to PSS Security Response Team Alert - New Worm: W32.Slammer.
- For Cisco products that are affected by this worm, refer to Cisco Security Advisory: Microsoft SQL Server 2000 Vulnerabilities in Cisco Products - MS02-061.
- For a specific recommendation on workarounds, refer to Cisco Security Notice: MS SQL Worm Mitigation Recommendations.