Title: SQL Slammer - How to identify
I don't have network access as I speak but I think you will find that a Snort rule exists for this which would pinpoint the signature of the attack. (FWIW Snort uses libpcap like Ethereal and can read the same tcpdump files, so you may find it useful to use this if you want to identify threats on a longer term basis)
Regards, Martin
Martin Visser, CISSP
Network and Security Consultant
Consulting & Integration
Technology Solutions Group - HP Services
3 Richardson Place
North Ryde, Sydney
NSW 2113, Australia
Phone: +61-2-9022-1670
Mobile: +61-411-254-513
Fax: +61-2-9022-1800
E-mail: martin.visserAThp.com
Hey folks,
How can I identify the SQL slammer if I am capturing all the packets on my switch through a monitoring port? What specifics should I look for… is there a filter or something to spot this?
Thanks
Greg Saunders - IT Analyst
The Branch Group, Inc.
P.O. Box 40004, Roanoke, VA 24022
Phone: 540-982-1678 (x406) Fax: 540-982-4217
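
An added example, not part of either message above: a small Python scan of a saved tcpdump/Ethereal capture for the packet shape the worm is known for, a single UDP datagram to port 1434 whose 376-byte payload begins with byte 0x04. Those three values are not stated in the thread and are supplied here from the worm's published behaviour; the names `find_slammer` and `sample_pcap` and the sample addresses are constructed for illustration.

```python
import socket
import struct

SSRP_PORT = 1434      # UDP port of the SQL Server Resolution Service
SLAMMER_LEN = 376     # UDP payload length of the worm's single datagram

def find_slammer(pcap):
    """Return (src, dst) for each packet in a classic Ethernet pcap that matches."""
    if pcap[:4] == b"\xd4\xc3\xb2\xa1":
        e = "<"
    elif pcap[:4] == b"\xa1\xb2\xc3\xd4":
        e = ">"
    else:
        raise ValueError("not a classic libpcap file")
    hits, off = [], 24                      # skip the 24-byte global header
    while off + 16 <= len(pcap):
        incl = struct.unpack(e + "I", pcap[off + 8:off + 12])[0]
        frame = pcap[off + 16:off + 16 + incl]
        off += 16 + incl
        if len(frame) < 43 or frame[12:14] != b"\x08\x00":
            continue                        # too short, or not IPv4
        ip = frame[14:]
        ihl = (ip[0] & 0x0F) * 4
        if ip[9] != 17 or len(ip) < ihl + 9:
            continue                        # not UDP, or first payload byte not captured
        if struct.unpack("!H", ip[6:8])[0] & 0x1FFF:
            continue                        # later fragments carry no UDP header
        dport, ulen = struct.unpack("!HH", ip[ihl + 2:ihl + 6])
        # Take the size from the UDP header, not the captured bytes, so a
        # capture made with a short snaplen still matches.
        if dport == SSRP_PORT and ulen - 8 == SLAMMER_LEN and ip[ihl + 8] == 0x04:
            hits.append((socket.inet_ntoa(ip[12:16]), socket.inet_ntoa(ip[16:20])))
    return hits

def sample_pcap():
    """Constructed capture: one Slammer-shaped datagram (inert filler) and two benign ones."""
    def pkt(src, dst, dport, payload, snap=65535):
        udp = struct.pack("!HHHH", 40000, dport, 8 + len(payload), 0) + payload
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                         socket.inet_aton(src), socket.inet_aton(dst))
        frame = b"\x00" * 12 + b"\x08\x00" + ip + udp
        cap = frame[:snap]                  # emulate snaplen truncation
        return struct.pack("<IIII", 0, 0, len(cap), len(frame)) + cap
    hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    return (hdr + pkt("192.0.2.10", "198.51.100.7", 1434, b"\x04" + b"\x01" * 375, snap=68)
            + pkt("192.0.2.12", "198.51.100.7", 1434, b"\x04MSSQLSERVER")
            + pkt("192.0.2.11", "198.51.100.8", 53, b"\x00" * 30))
```

The same three conditions can be given to tcpdump or any libpcap tool as the capture filter `udp dst port 1434 and udp[4:2] = 384 and udp[8] = 0x04`, where 384 is the 376-byte payload plus the 8-byte UDP header.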