Network-based attacks are in the news with increasing frequency. Among the preventative steps NACS takes is to close network “ports” used by these attackers. Two recent examples are “Messenger spam” and the “SQL Slammer Worm.”
The Windows Messenger Service is a normal part of the Windows Operating system, intended to allow system administrators to communicate with computer users. But hackers have figured out how to send pop-up ads to your computer, without your permission, using this same mechanism. Once NACS closed the Messenger network port, UCI computer users could no longer be reached by these innovative spammers.
The weekend of January 25-26, thousands of computers and networks around the country were disabled by the SQL Slammer Worm, aka “Sapphire,” which attacks computers through the MS SQL service. Vern Paxson of LBNL reports,
“This worm required roughly 10 minutes to spread worldwide making it by far the fastest worm to date. In the early stages the worm was doubling in size every 8.5 seconds. At its peak, achieved approximately 3 minutes after it was released, Sapphire scanned the net at over 55 million IP addresses per second. It infected at least 75,000 victims and probably considerably more.”
UCI users hardly noticed the attack that crippled other campuses, and even parts of Microsoft itself, because NACS had previously closed the SQL network port used by the worm (following advice from Foundstone, one of UCI’s security partners).
- More on Windows Messenger Service
- More on the Slammer Worm