Home

slammer

Slammer, also known as SQL Slammer or W32.SQLSlammer.Worm, was a fast-spreading computer worm that emerged in January 2003. It specifically targeted Microsoft SQL Server 2000 and the SQL Server Desktop Engine (MSDE 2000) by exploiting a vulnerability in the SQL Server Resolution Service. The worm’s payload was unusually small, about 376 bytes, and could be transmitted in a single UDP datagram.

Propagation and technical details: Slammer propagated by sending a single crafted UDP packet to port 1434,

Impact: The outbreak caused widespread disruption across networks and internet backbone infrastructure. Many routers and devices

Mitigation and legacy: Microsoft released the MS03-010 security update to patch the vulnerability, and administrators were

which
is
used
by
the
SQL
Server
Resolution
Service
for
name
resolution.
The
worm
generated
random
IP
addresses
to
scan
for
vulnerable
targets,
allowing
it
to
spread
rapidly
without
user
action
or
the
need
to
be
pre-installed
on
a
host.
Because
the
payload
was
tiny
and
the
exploit
executed
quickly,
thousands
of
hosts
were
infected
within
minutes
of
the
outbreak.
became
overwhelmed
by
the
surge
of
UDP
traffic,
leading
to
slowdowns
and
outages
in
multiple
regions.
Estimates
of
the
total
infected
hosts
at
the
peak
ranged
from
tens
of
thousands
to
around
75,000–100,000.
The
incident
highlighted
the
potential
for
rapid,
self-propagating
malware
to
disrupt
global
communications.
urged
to
disable
the
SQL
Server
Resolution
Service
or
restrict
UDP
traffic
on
port
1434.
Slammer
is
frequently
cited
in
cybersecurity
literature
as
a
watershed
event
that
underscored
the
importance
of
timely
patching,
network
filtering,
and
rapid
incident
response.