advertisement

Listen Print

Slammer

by Derrick Story
Network Newsletter for 01/29/2003

Dear Reader,

The Microsoft SQL worm known as "Slammer" caused pager-beeping mayhem for system administrators all over the world on Saturday morning.

The worm itself is interesting from a purely technical standpoint. Apparently, it is less than 400 bytes in size and fits nicely in a single UDP package. That's quite a reduction in overhead from previous worms such as Code Red and Nimda. The upshot is that each data packet can contain a complete copy of the worm. That's efficient.

When the Saturday morning attack began, packet loss across the Internet was reported to be close to 20 percent, compared to the normal 1 percent figure. Once sysadmins got to work, loss was reduced to about 5 percent by later that day.

To subscribe to the O'Reilly Network newsletter (or other newsletters), visit https://epoch.oreilly.com/account/default.orm and select the newsletters you wish to receive in your user profile (you'll need to log in with your existing O'Reilly Network account -- if you don't yet have an account, you'll need to create one).

To change your newsletter subscription options, please visit https://epoch.oreilly.com/account/default.orm and click the"Manage My Newsletters" link. For assistance, send email to

Many analysts are saying this is a wake-up call for the Internet caretakers. Others say it's just another battle in the ongoing war between crackers and corporate interests.

Regardless of your personal viewpoint about the societal impacts of this event, we thought you might like to read a solid article looking at the technical ramifications of Slammer. Iljitsch van Beijnum, author of O'Reilly's "BGP: Building Reliable Networks with the Border Gateway Protocol," has just published, "Network Impact of the MS SQL Worm."

You might want to stop by for a quick read.

Until next week,

Derrick

Derrick Story
O'Reilly Network Managing Editor
derrick@oreilly.com

Featured Articles

Network Impact of the MS SQL Worm
Iljitsch van Beijnum, the author of BGP and a network manager, describes how he dealt with the MS SQL worm attack.

What Is a Flash MX Component?
With the release of Flash MX, Macromedia added an extensible library of user interface widgets, known as the Flash UI Components. Colin Moock, author of ActionScript for Flash MX: The Definitive Guide, 2nd Edition, explains what these components are, and he includes several resources for creating and using them.

Stein on Bioinformatics
Lincoln Stein is an associate professor at Cold Spring Harbor Laboratory and a keynote speaker at O'Reilly's upcoming Bioinformatics Technology Conference. We talk with Lincoln about the bioinformatics technologies and tools he's most excited about.

The DigiCam Chronicles: Sound Is Half the Picture
You can add pro-quality voiceovers to your digital imagery with just a few simple tools and Mac OS X. Derrick Story shows you how to easily record and edit QuickTime audio.

Sundance Gets in the Digital Groove
Digital Video is becoming more accepted among serious filmmakers, as witnessed at the 2003 Sundance Film Festival. Susan Boyer reports on new DV tools and discusses some of the more popular digital video entries at the festival.

Distributed .config Files with Smart Clients
The new model provided by .NET smart clients has really taken hold in the imaginations and the business plans of .NET developers. The idea of getting the best of both the richness of real Windows applications and the zero-touch installation of web-based applications is turning the heads of many an IT professional. Of course, as soon as a brand new model starts being put to real use, problems show themselves. In this new article, Chris Sells shows you how to solve these problems.

CVS Problems
Noel Davis looks at problems in Concurrent Versions System (CVS), DHCP, slocate, Vim, Linux printer drivers, susehelp, fnord, mpg123, Astaro Security Linux firewall, and phpLinks.

Learning the Terminal in Jaguar, Part 2
In Part 1, Chris Stone focused on rescheduling default system cron jobs by modifying the system crontab file. Here in Part 2, he shows you how to configure cron to email a report to you each time it runs one of these jobs.

Media is Ripe for a Convergence of a Different Sort
New technology always presents a range of possible new practices. Andy Oram summarizes the ways that various observers have suggested handling the onslaught of the digital age in media. But are studios ready for constructive alternatives to the DMCA?

How to Get Rid of Denial-of-Service Attacks
Getting rid of DDoS attacks means filtering traffic. It's complicated by spoofing and congestion -- but Iljitsch van Beijnum, author of BGP, has three modest proposals.

802.11g's "Extreme" Emergence
The 802.11g spec uses a relatively new method of encoding bits onto radio waves in such a way as to squeeze up to 54 Mbps of raw data across a single channel. Apple has embraced this new technology in its AirPort Extreme radio cards. Here's how it works.

Table Functions and Cursor Expressions
In their continuing series on new Oracle 9i features, Steven Feuerstein, coauthor of Oracle PL/SQL Programming, 3rd Edition, and Bryn Llewellyn introduce cursor expressions and then show how those expressions can be utilized with table functions.

Opening Microsoft File Formats to Java
Microsoft's file formats were once black arts to developers on non-sanctioned platforms. Thanks to Jakarta POI, however, it's possible to read and write them from Java. Apache's Andrew C. Oliver and Avik Sengupta explain the basics of the project in the first of a series of three articles.

Parsing RSS At All Costs
In his second Dive into XML column, Mark Pilgrim describes his parse-at-all-costs parser of ill-formed RSS feeds, using Python's sgmllib.

Screen-scraping with WWW::Mechanize
Screen-scraping is the job of programmatically navigating through a usually visual task - like a web site - and then dealing with the result; and WWW::Mechanize is the best screen scraper out there for Perl! Chris Ball puts the two things together, to ensure that he never misses his favourite TV shows again...

O'Reilly Network Top Five Articles Last Week

  1. PHP's PEAR on Mac OS X
    The PHP Extension and Application Repository (PEAR) is an online repository of high-quality, peer-reviewed PHP classes that conform to a rigorous coding standard. In this article, Jason Perkins shows you how to install, configure and use the PEAR Package Manager on Mac OS X 10.2

  2. Opening Microsoft File Formats to Java
    Microsoft's file formats were once black arts to developers on non-sanctioned platforms. Thanks to Jakarta POI, however, it's possible to read and write them from Java. Apache's Andrew C. Oliver and Avik Sengupta explain the basics of the project in the first of a series of three articles.

  3. Top Ten Digital Photography Tips
    You have a digital camera and have recorded the typical shots of family and friends. Now what? Here are ten tips to make your next batch of digital images so impressive that people will ask: "Hey, what type of camera do you have?" Guess what? It's not the camera.

  4. Learning the Terminal in Jaguar, Part 2
    In Part 1, Chris Stone focused on rescheduling default system cron jobs by modifying the system crontab file. Here in Part 2, he shows you how to configure cron to email a report to you each time it runs one of these jobs.

  5. Software Strategies for Emerging Developers
    When considering what type of software you want to bring to the market, which appeals to you: proprietary, shareware, open source, or freeware? Ruffnex, the creator of StreamRipper X, puts some cards on the table for you to consider how to play your hand.

Return to list of Network Newsletters.

Return to the O'Reilly Network.