The SQL Slammer worm is a self propagated computer virus that caused a denial of service on some Internet hosts and dramatically slowed down general Internet traffic. An observation of network traffic captured in the Rhodes University’s network telescopes shows that traffic observed in it shows an escalation in the number of packets captured by the telescopes between January 2014 and December 2016 when the expected traffic was meant to take a constant decline in UDP packets from port 1434. Using data captured over a period of 84 months, the analysis done in this study identified top ten /24 source IP addresses that Slammer worm repeatedly used for this attack together with their geolocation. It also shows the trend of UDP 1434 packets received by the two network telescopes from January 2009 to December 2015. In line with epidemic model, the paper has shown how this traffic fits in as SQL Slammer worm attack. Consistent number of packets observed in the two telescopes between 2014 and 2016 shows qualities of the Slammer worm attack. Basic time series and decomposition of additive time series graphs have been used to show trend and observed UDP packets over the time frame of study.
Reference:
Chindipha, S.D. and Irwin, B.V.W. 2017. An analysis on the re-emergence of SQL Slammer worm using network telescope data. Southern Africa Telecommunication Networks and Applications Conference (SATNAC) 2017, Freedom of the Seas, Royal Caribbean International, Barcelona, Spain, 3-10 September 2017
Chindipha, S., & Irwin, B. V. (2017). An analysis on the re-emergence of SQL Slammer worm using network telescope data. SATNAC. http://hdl.handle.net/10204/9705
Chindipha, SD, and Barry VW Irwin. "An analysis on the re-emergence of SQL Slammer worm using network telescope data." (2017): http://hdl.handle.net/10204/9705
Chindipha S, Irwin BV, An analysis on the re-emergence of SQL Slammer worm using network telescope data; SATNAC; 2017. http://hdl.handle.net/10204/9705 .
Paper presented at Southern Africa Telecommunication Networks and Applications Conference (SATNAC) 2017, Freedom of the Seas, Royal Caribbean International, Barcelona, Spain, 3-10 September 2017