Tuesday, March 27, 2012

anyone knows what happen?

I am currently using SQL server 2000 with SP3a
However, my SQL server still attach others' 1433 port
any one know what happen it is and how to solve it?
thx|||Your question doesn't make any sense to me. What does "still attach others
1433 port" mean?

> I am currently using SQL server 2000 with SP3a
> However, my SQL server still attach others' 1433 port
> any one know what happen it is and how to solve it?
> thx
>
Neil Pike MVP/MCSE. Protech Computing Ltd
Reply here - no email
SQL FAQ (484 entries) see
http://forumsb.compuserve.com/gvfor...p?SRV=MSDevApps
(faqxxx.zip in lib 7)
or www.ntfaq.com/Articles/Index.cfm?DepartmentID=800
or www.sqlserverfaq.com
or www.mssqlserver.com/faq|||sorry...let me explain to you
I have installed SP3a for my SQL server 2000
why I install SP3, since my server is attacks others server's 1433 port
so, I thought my server was infected by slammer, so I install the SP3a
however, after the installation of SP3a, my server still attacked other
server's 1433 port.
So..any solution?
thanks
"Neil Pike" <neilpike@.compuserve.com> wrote in message
news:VA.000061e6.0ddcb352@.compuserve.com...
> Your question doesn't make any sense to me. What does "still attach others
> 1433 port" mean?
>|||Did you update ALL instances of SQL Server on that machine?
Andrew J. Kelly SQL MVP
"Utada P.W. SIU" <wing0508@.hotmail.com> wrote in message
news:eQS$B6yKEHA.3076@.TK2MSFTNGP10.phx.gbl...
> sorry...let me explain to you
> I have installed SP3a for my SQL server 2000
> why I install SP3, since my server is attacks others server's 1433 port
> so, I thought my server was infected by slammer, so I install the SP3a
> however, after the installation of SP3a, my server still attacked other
> server's 1433 port.
> So..any solution?
> thanks
>|||Utada - did you definitely INSTALL SP3a, or did you just "unpack" it. When
you run it after download that just unpacks it onto the hard-drive. You then
need to run the actual setup routine that it creates...

> sorry...let me explain to you
> I have installed SP3a for my SQL server 2000
> why I install SP3, since my server is attacks others server's 1433 port
> so, I thought my server was infected by slammer, so I install the SP3a
> however, after the installation of SP3a, my server still attacked other
> server's 1433 port.
Neil Pike MVP/MCSE. Protech Computing Ltd
|||Nah Utada's definitely on to something. I just noticed this morning my sql
server is doing the same thing.
I woke up to find my network going crazy, a simple "netstat -an" shows a
whole heap of 1433 connections. Enterprise manager indicates SP3 is
installed and I downloaded and ran the SQL Server 2000 security tools
(http://www.microsoft.com/downloads/...en&FamilyID=9552d43b-04eb-4af9-9e24-6cde4d933600#filelist) and it reports that nothing
needs patched. No other sql server instances or MSDE installed.
Furthermore, if you run sqlscan:
C:\SQLCritUpdPkg\SQLScan>sqlscan -m 127.0.0.1
No need to run the SQL Critical Update utility for this instance at this time.
server=127.0.0.1 instance=MSSQLSERVER version=SP3 language=1033 MSDEProductCode=N/A MSDEPackageName=N/A platform=NT os=5.2
There's definitely something similar to slammer or some variant going
around. Either that or I've missed a patch somewhere along the line?
- Simon
"Neil Pike" <neilpike@.compuserve.com> wrote in message
news:VA.000061e9.01dc39ef@.compuserve.com...
> Utada - did you definitely INSTALL SP3a, or did you just "unpack" it. When
> you run it after download that just unpacks it onto the hard-drive. You then
> need to run the actual setup routine that it creates...
>|||I reviewed someone's SQL Server yesterday and since they had it exposed with
a public IP on the internet, and because 1433 is one of the highest scanned
ports, someone had repeatedly tried guessing their 'sa' password.
My advice to you:
1. Firewall. Get one if you don't have one.
2. If you don't need external machines connecting to your MSDE/SQL, have it
listen only on Shared Memory.
3. Use SQL Integrated Security. This eliminates hackers from attempting to
guess your 'sa' password.
4. Read our Best Practices.
http://www.microsoft.com/technet/pr...n/sp3sec00.mspx
Thanks,
Kevin McDonnell
Microsoft Corporation
This posting is provided AS IS with no warranties, and confers no rights.|||Get a network trace of it and call it in to MS PSS. I'd never directly
connect a SQL Server box to the internet myself though anyway...

> There's definitely something similar to slammer or some variant going
> around. Either that or I've missed a patch somewhere along the line?
Neil Pike MVP/MCSE. Protech Computing Ltd
|||Thanks Guys. I ended up just changing from the default port as the server
does need remote access and SQL authentication enabled. The server is behind
a router with firewall and port forwarding for just the SQL port. I suspect
that changing the port is a fairly good catch-all solution to
vulnerabilities in the future also. The activity may well have been users
trying to guess the sa password, which might explain why each unique IP had
about 8 or so connections open.
- Si
"Kevin McDonnell [MSFT]" <kevmc@.online.microsoft.com> wrote in message
news:DhULSwENEHA.1368@.cpmsftngxa10.phx.gbl...
> I reviewed someone's SQL Server yesterday and since they had it exposed with
> a public IP on the internet, and because 1433 is one of the highest scanned
> ports, someone had repeatedly tried guessing their 'sa' password.
> My advice to you:
> 1. Firewall. Get one if you don't have one.
> 2. If you don't need external machines connecting to your MSDE/SQL, have it
> listen only on Shared Memory.
> 3. Use SQL Integrated Security. This eliminates hackers from attempting to
> guess your 'sa' password.
> 4. Read our Best Practices.
> http://www.microsoft.com/technet/pr...n/sp3sec00.mspx
>
> Thanks,
> Kevin McDonnell
> Microsoft Corporation
> This posting is provided AS IS with no warranties, and confers no rights.
>
>
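
Added example, not part of the original thread: the posts above turn on whether the port-1433 traffic seen in "netstat -an" is this server connecting out to other hosts or other hosts connecting in (for instance to guess the 'sa' password). This Python script classifies Windows netstat -an rows by direction and counts connections per remote IP; the sample output, the addresses and the per-IP threshold of 5 are constructed assumptions.

```python
"""Classify TCP port-1433 lines from Windows `netstat -an` by direction."""
from collections import Counter

SQL_PORT = 1433

# Constructed sample (documentation-range addresses), not data from the thread:
# one source with 8 inbound connections, one with 1, and one outbound connection.
ROWS = [("0.0.0.0:1433", "0.0.0.0:0", "LISTENING")]
ROWS += [("192.168.1.10:1433", f"203.0.113.5:{4000 + i}", "ESTABLISHED")
         for i in range(8)]
ROWS += [("192.168.1.10:1433", "198.51.100.23:51234", "TIME_WAIT"),
         ("192.168.1.10:3012", "192.0.2.44:1433", "SYN_SENT")]
SAMPLE = ("Active Connections\n\n"
          "  Proto  Local Address          Foreign Address        State\n"
          + "".join(f"  TCP    {loc:<22} {rem:<22} {st}\n" for loc, rem, st in ROWS)
          + "  UDP    0.0.0.0:1434           *:*\n")


def split_endpoint(endpoint):
    """Split 'addr:port' on the last colon; port is None when not numeric."""
    addr, _, port = endpoint.rpartition(":")
    return addr, int(port) if port.isdigit() else None


def classify(netstat_text, port=SQL_PORT):
    """Return (inbound, outbound) Counters mapping remote IP -> connections."""
    inbound, outbound = Counter(), Counter()
    for line in netstat_text.splitlines():
        fields = line.split()
        # Keep only TCP connection rows: proto, local, foreign, state.
        if len(fields) != 4 or fields[0] != "TCP" or fields[3] == "LISTENING":
            continue
        _, local_port = split_endpoint(fields[1])
        remote_addr, remote_port = split_endpoint(fields[2])
        if local_port == port:
            inbound[remote_addr] += 1    # a remote host connected to our SQL port
        elif remote_port == port:
            outbound[remote_addr] += 1   # this host connected to a remote 1433
    return inbound, outbound


def report(netstat_text, threshold=5):
    """Summarise direction; `threshold` is an assumed per-IP alert level."""
    inbound, outbound = classify(netstat_text)
    return {"inbound_total": sum(inbound.values()),
            "noisy_inbound_sources": sorted(ip for ip, n in inbound.items() if n >= threshold),
            "outbound_targets": sorted(outbound)}


if __name__ == "__main__":
    print(report(SAMPLE))
```

Many inbound connections from one address fit the password-guessing pattern described in the thread, while entries under outbound_targets are the case where this host itself is opening connections to other servers' port 1433.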
