W32.SqlSlammer

Dave Stewart dbs at dbscom.com
Sat Jan 25 21:09:15 UTC 2003


At 02:21 PM 1/25/2003, you wrote:

>By the way, I know you guys probably don't care but McAfee is saying that if
>you have SP3 on your Windows 2000 server you will not be infected with
>SQLSlammer, this is absolutely NOT true, I have a box with sp3 and it IS
>infected.

To clarify, we're talking about Microsoft SQL Server 2000, Service Pack 3, 
not the Windows 2000 Service Pack 3 (which also exists).  Two completely 
different animals.

I've got one machine with SQL 2K on it, and it, too, was infected.  Then I 
installed SQL Server 2000 SP3, and put it back on the net.  Just to be 
sure, I opened up port 1434 to it, and sat back and watched.

Lotta traffic to port 1434, but nothing happened.  It got hit several 
times, and never joined the crowd spewing traffic.

If you have an infected machine, pull it off the 'net... immediately, if 
not sooner.  Then go download the service pack for the SQL Server at:

http://www.microsoft.com/downloads/details.aspx?FamilyId=9032F608-160A-4537-A2B6-4CB265B80766&displaylang=en

Getting the 44 meg file over to the disconnected server is left as an 
exercise for the reader (remember SneakerNet?)




