Sheer Slammer bang

IT WAS indeed a Black Saturday in Hyderabad too. As the tiny worm burrowed its way through in the digital world, system administrators of various corporate houses in the State capital had a harrowing time. Just like their counterparts anywhere in the world, they, too, were unaware of what was happening. All they could notice was that performance of their SQL servers was unusually high.

Reason? `Slammer' was working overtime nay studiously. The 376-byte code, whose origin is still shrouded in mystery (though Americans suspect it to have originated from Hong Kong), has been wreaking havoc in the cyber world. Slammer, a small infectious code, has been attacking SQL servers by gaining entry through what techies call 1434 port, which allows network components to talk to other similar devices. After entering the server, it started replicating itself by sending thousands of probes every second looking for computers running on the same software.

As zillions of packets began traversing through the digital medium slowing down the Internet all over the world and also affecting regular operations, alarm bells were sounding in several corporate houses like Iris, Visualsoft, Vebtel, Grasim, Mediland and all ISPs like Satyam, Nettlinx and Bharti in Hyderabad. Like they say all hell was breaking loose. Throughout Saturday, the system administrators kept their fingers crossed and waited for Norton and Microsoft to announce patches to shield the servers from the Slammer worm.

``It was unusual. Our network management system was showing optimum server performance. Initially, we disconnected all the servers and reconnected them again. We searched the Net, but it was too slow. As a precautionary measure, we used a back-up NT server and transferred the database to it. It was working fine. It meant NT servers were functioning while SQLs were affected. Then came calls from others enquiring whether there were any problems with SQLs. It was then confirmed that it was not isolated but all those using SQL servers were affected,'' recalls Sridhar Kusumba of Vebtel, a VoIP company, based in Hyderabad.

By Saturday evening Microsoft (which incidentally also had unpatched SQL servers falling prey to Slammer work), released a patch and Norton, too, put out a patch. It was only then the administrators heaved a sigh of relief. Thanks to Slammer, focus has now shifted to viruses and worms.Remember the major viruses unleashed in recent times? Chernobyl (June 1998): spreading through pirated software disks, it burnt out the start-up chip of PCs rendering them useless.

Melissa (Mar '99): released on a Friday, Melissa exploited a weakness in Windows OS and brought down several corporate networks. Lovebug (May 2000): spreading as an email attachment, it automatically sent mails to all in the address book and deleted music and image files on PCs. A Filipino, Reomel Ramones, was arrested but freed later as the Philippines had no legal authority to try him. Code Red aka Nimda (Sept '01): the most devastating one, it infected desktop PCs running windows and servers running MS integrated Internet servers web software.

And now, Slammer slam. What next?

By Srinivas Reddy K

Recommended for you