SQL Slammer

What Does SQL Slammer Mean?

SQL Slammer is a worm that targets unpatched Microsoft SQL 2000 servers. The worm spreads between servers, increasing traffic on UDP port 1434 and causing heavy network traffic that can slow down network performance and lead to denial of service. SQL slammer does not carry a destructive payload. Despite its name, it does not use the SQL language.

Advertisements

Home PCs generally aren’t affected by this worm. Because it stays in a system’s memory, it is easy to remove.

Techopedia Explains SQL Slammer

The 376-byte worm packet only affects SQL servers that are not running SP3, a Windows software service pack that includes a patch to fix the buffer overflow bug the worm exploits. The small piece of worm code generates random IP addresses and sends itself to those addresses from the infected system.

The main symptom of an SQL Slammer infection is high outgoing traffic to UDP 1434. Because the worm was able to fit into one packet, it could be propagated rapidly as computers fired off infected packets. As a result, it caused several denial-of-service attacks in 2002 and 2003. A patch provided by Microsoft in 2002, as well as increased media coverage of this worm, had greatly reduced the risk of infection by 2004.

Advertisements

Related Terms

Latest Cybersecurity Terms

Related Reading

Margaret Rouse

Margaret Rouse is an award-winning technical writer and teacher known for her ability to explain complex technical subjects to a non-technical, business audience. Over the past twenty years her explanations have appeared on TechTarget websites and she's been cited as an authority in articles by the New York Times, Time Magazine, USA Today, ZDNet, PC Magazine and Discovery Magazine.Margaret's idea of a fun day is helping IT and business professionals learn to speak each other’s highly specialized languages. If you have a suggestion for a new definition or how to improve a technical explanation, please email Margaret or contact her…