SQL Slammer

What Does SQL Slammer Mean?

SQL Slammer is a worm that targets unpatched Microsoft SQL 2000 servers. The worm spreads between servers, increasing traffic on UDP port 1434 and causing heavy network traffic that can slow down network performance and lead to denial of service. SQL slammer does not carry a destructive payload. Despite its name, it does not use the SQL language.

Advertisements

Home PCs generally aren’t affected by this worm. Because it stays in a system’s memory, it is easy to remove.

Techopedia Explains SQL Slammer

The 376-byte worm packet only affects SQL servers that are not running SP3, a Windows software service pack that includes a patch to fix the buffer overflow bug the worm exploits. The small piece of worm code generates random IP addresses and sends itself to those addresses from the infected system.

The main symptom of an SQL Slammer infection is high outgoing traffic to UDP 1434. Because the worm was able to fit into one packet, it could be propagated rapidly as computers fired off infected packets. As a result, it caused several denial-of-service attacks in 2002 and 2003. A patch provided by Microsoft in 2002, as well as increased media coverage of this worm, had greatly reduced the risk of infection by 2004.

Advertisements

Related Terms

Margaret Rouse
Technology Expert

Margaret is an award-winning technical writer and teacher known for her ability to explain complex technical subjects to a non-technical business audience. Over the past twenty years, her IT definitions have been published by Que in an encyclopedia of technology terms and cited in articles by the New York Times, Time Magazine, USA Today, ZDNet, PC Magazine, and Discovery Magazine. She joined Techopedia in 2011. Margaret's idea of a fun day is helping IT and business professionals learn to speak each other’s highly specialized languages.