Hi Mario:
I just tried some downloads (10:00 PM PTZ) and all SuSE mirrors that I tried "timed out."
Internet Health Report (http://www.internetpulse.net/) now shows a number of US backbone providers, including AT&T, going critical (in the red zone), so you are not alone.
SQLsecurity.com is recommending blocking access to TCP 1433 and UDP 1434 from all untrusted clients, which it appears you are doing by your rules.
You didn't say if you have a SQL Server inside your firewall.
Do you?
If so, you might look at SQLsecurity.com.
Sorry I can't be more helpful :((
*************
"Mario Neubert"
Hello List,
I have just seen the graphics of my server with MRTG. These fu..... crackers. My system is stable but the traffic is very high. The rules for udp/tcp 1433/1434 do block the unicast traffic, but multicast traffic also comes in and I don't know what I can do against this. It seems to be the MSSQL worm on a multicast address.
List, does anyone have any idea? Many thanks....
Mario
PS:
tcpdump> 217.175.233.161.1181 > 224.41.16.185.1434: udp 376
I have inserted the following rules into SuSEfirewall:
DROP all -- 0.0.0.0/0 224.0.0.0/8
DROP all -- 217.175.233.161 0.0.0.0/0
DROP udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:1433
DROP udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:1434
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:1433
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:1434
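An added example, not part of the original e-mails: a small Python filter over tcpdump lines in the format quoted above that flags 376-byte UDP datagrams to port 1434 and reports whether each destination is multicast (224.0.0.0/4) and whether it falls inside the 224.0.0.0/8 destination of the posted DROP rule. Only the first sample line is from the post; the other sample lines and all function names are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Sample capture: line 1 is the tcpdump line from the post, the rest are
# constructed (documentation address ranges) to exercise the other cases.
SAMPLE = """\
217.175.233.161.1181 > 224.41.16.185.1434: udp 376
192.0.2.10.4021 > 198.51.100.7.1434: udp 376
192.0.2.10.4022 > 239.1.2.3.1434: udp 376
192.0.2.55.53 > 198.51.100.7.1025: udp 120
"""

# src_ip.src_port > dst_ip.dst_port: udp <length>
LINE = re.compile(
    r"(\d+\.\d+\.\d+\.\d+)\.(\d+) > (\d+\.\d+\.\d+\.\d+)\.(\d+): udp (\d+)"
)
MULTICAST = ipaddress.ip_network("224.0.0.0/4")  # whole IPv4 multicast range
RULE_NET = ipaddress.ip_network("224.0.0.0/8")   # destination of the posted DROP rule


def classify(line, port=1434, size=376):
    """Return a dict for a datagram matching port and size, else None."""
    m = LINE.search(line)
    if not m or int(m.group(4)) != port or int(m.group(5)) != size:
        return None
    dst = ipaddress.ip_address(m.group(3))
    return {
        "src": m.group(1),
        "dst": str(dst),
        "multicast": dst in MULTICAST,
        "in_rule_net": dst in RULE_NET,
    }


def summarize(text):
    """Return (matching datagrams, count per source, multicast dsts outside /8)."""
    hits = [h for h in map(classify, text.splitlines()) if h]
    per_source = Counter(h["src"] for h in hits)
    outside = [h["dst"] for h in hits if h["multicast"] and not h["in_rule_net"]]
    return hits, per_source, outside


if __name__ == "__main__":
    hits, per_source, outside = summarize(SAMPLE)
    for h in hits:
        print(h)
    print("datagrams per source:", dict(per_source))
    print("multicast destinations outside 224.0.0.0/8:", outside)
```

The per-source counts give candidates for a source-address DROP rule like the one in the post, and the last list shows multicast destinations that a destination match on 224.0.0.0/8 alone would not cover.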