Ethereal-users: RE: [Ethereal-users] SQL Slammer - How to identify

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: "Visser, Martin" <martin.visser@xxxxxx>
Date: Thu, 18 Nov 2004 17:23:04 +1100
Title: SQL Slammer - How to identify
I don't have network access as I speak, but I think you will find that a Snort rule exists for this which would pinpoint the signature of the attack. (FWIW, Snort uses libpcap like Ethereal and can read the same tcpdump files, so you may find it useful to use this if you want to identify threats on a longer-term basis.)
 
Regards, Martin
 

Martin Visser ,CISSP
Network and Security Consultant
Consulting & Integration
Technology Solutions Group - HP Services

3 Richardson Place
North Ryde, Sydney NSW 2113, Australia

Phone: +61-2-9022-1670   
Mobile: +61-411-254-513
Fax: +61-2-9022-1800    
E-mail: martin.visserAThp.com
 

 


From: ethereal-users-bounces@xxxxxxxxxxxx [mailto:ethereal-users-bounces@xxxxxxxxxxxx] On Behalf Of Greg Saunders
Sent: Thursday, 18 November 2004 12:04 PM
To: 'Ethereal user support'
Subject: [Ethereal-users] SQL Slammer - How to identify

Hey folks,

How can I identify the SQL slammer if I am capturing all the packets on my switch through a monitoring port?  What specifics should I look for… is there a filter or something to spot this?

Thanks

Greg Saunders - IT Analyst

The Branch Group, Inc.

P.O. Box 40004, Roanoke, VA 24022
Phone: 540-982-1678 (x406) Fax: 540-982-4217
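
Added example (not part of the original thread, and not Snort's own rule): one way to scan a saved tcpdump/libpcap capture for Slammer-like datagrams, as asked in the question above. It assumes the worm's publicly documented traits, which the thread does not state: a single UDP datagram to port 1434 whose payload starts with byte 0x04 and is 376 bytes long. The 64-byte cutoff, the function names and the sample addresses are constructed for illustration.

```python
import socket
import struct

SSRP_PORT = 1434   # SQL Server Resolution Service (UDP)
MAX_BENIGN = 64    # assumed cutoff: a normal 0x04 lookup carries only a short instance name

def slammer_candidates(pcap: bytes):
    """Return (src, dst, payload_len) for Slammer-like datagrams in a classic pcap."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if endian is None or len(pcap) < 24 or struct.unpack(endian + "I", pcap[20:24])[0] != 1:
        raise ValueError("expected a classic libpcap file with Ethernet link type")
    hits, off = [], 24
    while off + 16 <= len(pcap):
        _, _, caplen, _ = struct.unpack(endian + "IIII", pcap[off:off + 16])
        frame = pcap[off + 16:off + 16 + caplen]
        off += 16 + caplen
        if len(frame) < 42 or frame[12:14] != b"\x08\x00" or frame[23] != 17:
            continue                                   # keep IPv4/UDP frames only
        udp = frame[14 + (frame[14] & 0x0F) * 4:]      # skip the IP header (IHL words)
        if len(udp) < 9:
            continue                                   # no payload captured
        dport = struct.unpack("!H", udp[2:4])[0]
        payload = udp[8:]
        if dport == SSRP_PORT and payload[0] == 0x04 and len(payload) > MAX_BENIGN:
            hits.append((socket.inet_ntoa(frame[26:30]),
                         socket.inet_ntoa(frame[30:34]), len(payload)))
    return hits

def _frame(src, dst, dport, payload):
    """Build one constructed Ethernet/IPv4/UDP frame (checksums left at zero)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28 + len(payload), 0, 0, 64, 17, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    udp = struct.pack("!HHHH", 40000, dport, 8 + len(payload), 0)
    return b"\x00" * 12 + b"\x08\x00" + ip + udp + payload

def sample_pcap():
    """Constructed capture with inert filler bytes; documentation-range addresses."""
    frames = [
        _frame("192.0.2.10", "198.51.100.7", 1434, b"\x04" + b"A" * 375),   # Slammer-sized
        _frame("192.0.2.11", "198.51.100.7", 1434, b"\x04MSSQLSERVER\x00"), # normal lookup
        _frame("192.0.2.12", "198.51.100.7", 53, b"\x04" + b"A" * 375),     # wrong port
    ]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out
```

Calling `slammer_candidates(open("capture.pcap", "rb").read())` on a real capture lists the source hosts to investigate; the reported length is the captured payload length, so a short snaplen will hide oversized datagrams.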