SQL Slammer - sudden decrease in activity
Below is an interesting post from the ISC reflecting an unexplained sharp decrease in port 1434 attacks by the decade old SQL Slammer worm
Port 1434: Sudden Slammer Decline?
QUOTE: We're interested to know what's happening out there. It has been observed through DShield data that Slammer traffic has had a sudden decline. I played with the data for a while. I could make it look like many things, such as slow and steady decline over time. However, the most compelling story is the one where the data drops on March 9 and 10.
Below is the DShield data and graph on port 1434 for March 2011. It's speculative at this point as to the cause of the sudden drop. Japan's earthquake or Patch Tuesday have been kicked around. I would be remiss if I did not mention Kevin Liston's series on Slammer Cleanup during October. We are loving the thought his great effort was a catalyst for the eradication of it. So go back and take a look at your data for us and share what you're seeing.