
SQL Slammer Worm

The SQL Slammer worm (also called the Sapphire Worm) was notorious for the speed with which it spread after first being released at 5:30 UTC on January 25, 2003. Within ten minutes, the worm infected more than 75,000 hosts, about ninety percent of all those vulnerable. Though the worm contained no malicious payload, its rapid propagation caused network overloads and disabled database servers. By the morning after its release, 13,000 Bank of America ATMs were offline, Continental Airlines was forced to use manual check-in, and Internet trading on the South Korean stock market was sharply reduced. Because it spread too quickly for any human-based response, SQL Slammer led to greater use of automated forms of security to combat such attacks.(1)(2)

SQL Slammer was a small piece of code, only 376 bytes of data, that infected hosts running Microsoft SQL Server 2000. The entire worm, including headers, fit in a single 404-byte User Datagram Protocol (UDP) packet.(3) The worm did not actively seek to damage its host: it made no attempt to inspect or modify files or to interfere with program execution on the infected server. Instead, it focused solely on its own propagation, generating random IP addresses and sending UDP packets from its host to each address. The worm exploited a buffer overflow vulnerability in the SQL Server 2000 software. Microsoft had released a patch for the vulnerability six months earlier, but many servers had not yet installed it at the time of the worm's release. Had the worm contained a malicious payload, its effects would have been far more severe.(4)(5)
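
A defender-side illustration of the propagation pattern described above, added here and not part of the original page: it flags sources that send 404-byte UDP datagrams to many distinct addresses within a short window. The flow-line format, the window and threshold values, the 20-byte IPv4 header (no options) and the sample addresses are assumptions constructed for this example.

```python
from collections import defaultdict, deque

IP_HEADER = 20     # assumption: IPv4 header without options
UDP_HEADER = 8
WORM_BYTES = 376   # worm size given on the page
PACKET_BYTES = WORM_BYTES + UDP_HEADER + IP_HEADER  # the page's single-packet size

def parse(line):
    """Parse a constructed flow line: '<epoch> <src> <dst> <proto> <ip_len>'."""
    ts, src, dst, proto, length = line.split()
    return float(ts), src, dst, proto.lower(), int(length)

def scanning_sources(lines, window=1.0, min_targets=5):
    """Map each flagged source to the most distinct destinations it reached
    with PACKET_BYTES-sized UDP datagrams inside any `window` seconds."""
    recent = defaultdict(deque)   # src -> (ts, dst) pairs still inside the window
    flagged = {}
    for ts, src, dst, proto, length in sorted(map(parse, lines)):
        if proto != "udp" or length != PACKET_BYTES:
            continue              # only datagrams of the worm's exact size count
        q = recent[src]
        q.append((ts, dst))
        while ts - q[0][0] > window:
            q.popleft()           # expire entries older than the window
        targets = len({d for _, d in q})
        if targets >= min_targets:
            flagged[src] = max(flagged.get(src, 0), targets)
    return flagged

# Constructed sample flows using documentation address ranges, not real traffic.
SAMPLE = (
    # fast fan-out of worm-sized datagrams: should be flagged
    [f"{100 + i * 0.05:.2f} 192.0.2.10 198.51.100.{i + 1} udp 404" for i in range(6)]
    # same size, but always the same peer: not scanning
    + [f"{100 + i * 0.1:.2f} 192.0.2.20 198.51.100.7 udp 404" for i in range(6)]
    # many peers, but a different datagram size: ignored
    + [f"{100 + i * 0.05:.2f} 192.0.2.30 203.0.113.{i + 1} udp 72" for i in range(6)]
    # worm-sized and many peers, but one every 5 s: below the rate threshold
    + [f"{100 + i * 5:.2f} 192.0.2.40 203.0.113.{i + 1} udp 404" for i in range(6)]
)

if __name__ == "__main__":
    for src, n in scanning_sources(SAMPLE).items():
        print(f"{src}: {n} distinct destinations within 1 s")
```

Because the worm spread faster than people could respond, a check like this only helps when its output drives an automated action such as rate limiting or filtering.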


1, 4: http://cacm.acm.org/magazines/2003/4/6862-on-sapphire-and-type-safe-languages/fulltext

2, 5: http://www.computer.org/csdl/mags/sp/2003/04/j4033-abs.html

3: http://www.caida.org/publications/papers/2003/sapphire/sapphire.html

Topic revision: r5 - 18 Feb 2014 - 10:09:27 - norqu036