Iljitsch van Beijnum, author of my favorite book, BGP, explains his experience with the MS SQL worm and its effect on Cisco routers on O’Reilly Network’s ONLamp.com.

Almost the same thing happened to me last week, which caused a complete crash on our edge router. We were running CEF, but it didn’t help. After getting into the router through the serial console and shutting down all interfaces, I found that some sort of malformed traffic was passing through our edge router, headed to the Internet from our local network. I didn’t even have a chance to do traffic inspection on the router itself, since whenever I tried to bring up the FastEthernet interface, the CPU usage on the router hit the max. So I got into the Catalyst switch and checked all connected interfaces for abnormal traffic patterns, and I found it! It was an infected MS SQL host inside our network.

Folks, please keep your Windows boxes up to date. This is serious.
