2002 6 3 1. 1.1 WG 1.2 14 Copyright (c) 2002 NPO Page 2
1.1 WG WG ( )
1.2 14 14 SQLSlammer WG 13 CodeRed
2. SQLSlammer 2.1 2.2 2.3 147 MS02-039 137 CodeRed MS02-039 SQL UDP/1434 UDP/1434 SQL
2.1 SQLSlammer 376
2.2 SQLSlammer The Computer Science Division http://www.cs.berkeley.edu/~nweaver/sapphire/ 30 75 DNS Mi2g (http://www.mi2g.com/) 5 95000 12 Computer Economics (http://www.computereconomics.com/) 77 75000 10 Bank of America 1/25 ATM 13000 Washington Mutual ATM127 Continental Airlines Microsoft Asheron's Call 2 (911) KT DNS () 860,000 SQLServer2000 52,000 49,000 3000 10 ( )
2.3
(W32.SQLExp.Worm) http://www.symantec.com/region/jp/sarcj/data/w/w32.sqlexp.worm.html v1.0.4.1 (2003/4/8)
(WORM_SQLP1434.A) http://www.trendmicro.co.jp/vinfo/virusencyclo/default5.asp?vname=worm_sqlP1434.A (2003/4/8)
(Sapphire, Slammer) http://www.f-secure.co.jp/v-descs/v-descs3/slammer.htm Slammer (2003/4/8)
(W32/SQLSlammer) http://www.nai.com/japan/virusinfo/virs.asp?v=w32/sqlslammer SQLSlammer (2003/4/8)
(W32/SQLSlam-A) http://www.sophos.co.jp/virusinfo/analyses/w32sqlslama.html MS02-039 (2003/4/8)
3. CodeRed 3.1 3.2 3.3
3.1 CodeRed WINDOWS2000IIS (MS01-033) CodeRed IIS IIS OS IIS Web Windows2000 WindowsNT4 IIS IIS (MS01-033) IIS
3.2 CodeRed CodeRed 12 2 20 40 75 Web IP (CodeRedII) 2 CodeRedII CodeRedII 14101 26 3,000 CodeRed CodeBlue CodeGreen (Anti CodeRed) CodeRed II
3.3 718 731 CodeRed v2 84 CodeRed 6 717 81 CodeRed (CodeRed v2) 84 CodeRed 5 718 20 84 CodeRed 5 CodeRed DB
4. 4.1 4.2 4.3
4.1 SQLSlammer CodeRed SQLSlammer DNS( ) DDoS
4.2
4.3
5. 5.1 WG 5.2 5.3 5.4
5.1 WG SQL Slammer CodeRed WG
5.2 JNSA
5.3 (Michiko Takagi) (Kenta Naraoka) (Tsuneyoshi Hamamoto) Yonezawa, Kazuki Akira Watanabe
5.4
SQL Server SQL Slammer http://www.microsoft.com/japan/technet/security/virus/sqlslam.asp
SQLSlammer http://www.digitaloffense.net/worms/mssql_udp_worm/
SQLSlammer http://www.digitaloffense.net/worms/mssql_udp_worm/windbg_exceptions.jpg http://www.digitaloffense.net/worms/mssql_udp_worm/windbg_exploit_mem.jpg
SQLSlammer Perl http://www.digitaloffense.net/worms/mssql_udp_worm/worm.pl
SQL Server David Litchfield http://archives.neohapsis.com/archives/vuln-dev/ 14-q3/0472.html
CodeRed ugpop http://home.netyou.jp/gg/ugpop/academy001-010.htm
IIS eEye Digital Security http://www.eeye.com/
CodeRed http://www.eeye.com/html/research/advisories/al20010717.html
CodeRed II http://www.eeye.com/html/research/advisories/al20010804.html