NetWork Intrusion Attack: MSSQL.worm.helkern attempting to attack local port 1434 from IP address 94.188.21.147?

2

I was on the internet the other just finishing up a project for work and I saw my internet security saying network attack intrusion and I read about some of it but I can't fully understand the full concept so my questions are:

  1. what is a MSSQL network attack intrusion?
  2. what does the attack want?
  3. what is port 1434 and what is that port used for?
  4. why does this happen in the first place?

p.s. my security is Kaspersky 2010 internet suite
OS is Windows Vista SP2 (home basic)
internet connection is a modem not router...

Tyler

Posted 2011-05-02T23:28:30.100

Reputation:

Answers

0

Its an unfortunate fact of life that many botnets attempt to exploit random systems which might run vulnerable software. In this case ISCS seems to think its the sql slammer worm. If you're not running a unpatched version of MSSQL you should be alright.

From the linked page

The Microsoft SQL Server (MSSQL) contains several serious vulnerabilities that allow remote attackers to obtain sensitive information, alter database content, compromise SQL servers, and, in some configurations, compromise server hosts. MSSQL vulnerabilities are well-publicized and actively under attack. Two recent MSSQL worms in May 2002 and January 2003 exploited several known MSSQL flaws. Hosts compromised by these worms generate a damaging level of network traffic when they scan for other vulnerable hosts.

Journeyman Geek

Posted 2011-05-02T23:28:30.100

Reputation: 119 122

Asked: 2011-05-02T23:28:30.100

Viewed: 266 times

Active: 2011-05-02T23:50:01.460