The attacks used Microsoft SQL servers as their vector, according to early reports from Sonic.Net, a service provider located in the northern San Francisco Bay area. Sonic first caught wind of the problem around 1:30 a.m. Eastern Time, as technicians were investigating delays and dropped packets throughout Sonic's network. Within an hour, they had isolated the problem, confirmed it with UUNet, and posted this dramatic message to users:
- The Internet has broken. We do not yet know the source of the DoS but we believe that it may be another worm that attacks Microsoft servers. At this time, large portions of the Internet are still unreachable. There have been widespread reports that this DoS also took the lives of many Cisco routers, including one of our 7500 border routers. Our internal network is functioning at 100% but many sites have yet to restore service and I would anticipate, may not return for some time.
Other U.S. ISPs weren't immediately reachable Saturday morning, partly because of the early hour, and partly because, well, the Internet was broken.

Update
It appears that systems running SQL Server 2000 are vulnerable to the attack. The Light Reading Website doesn't use this software, which may be why it's still up. Earlier difficulties in accessing our Website were probably caused by an evaluation copy of SQL Server 2000 running on a single desktop PC, which saturated a T1 line, according to our ISP.
Light Reading is monitoring a number of corporate Internet access lines as part of its Traffic Tracker project (see Track Your Traffic). This indicates outages on access lines supplied by the following service providers:

Light Reading