SQL Slammer

  • I remember SQL Slammer. I was living in Jax and contracting at the time. The enterprise also had lots of undocumented instances of SQL Server and MSDE. We'd clean up the problem and then get hit again. It took a few days to get things stabilized. I ended up writing a utility that pinged SQL Servers and logged responses. That helped identify a few hard-to-find instances.

    :{>

    Andy Leonard, Chief Data Engineer, Enterprise Data & Analytics
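An added example, not Andy's utility or anything from this thread, of the kind of inventory tool he describes: it sends the SQL Server Resolution Service (SSRP) enumeration request on UDP/1434, the service Slammer abused, parses each reply into instance records, and flags any SQL Server 2000 / MSDE build below SP3 so undocumented instances can be found and patched. The SP3 build number is assumed from public build lists, and the sample reply is constructed rather than captured.

```python
import socket
SSRP_PORT = 1434            # UDP port of the SQL Server Resolution Service
CLNT_UCAST_EX = b"\x02"     # SSRP request: "list every instance you host"
SVR_RESP = 0x05             # first byte of a well-formed SSRP reply
SP3_BUILD = 760             # SQL Server 2000 SP3 = 8.00.760 (assumed; not from the thread)
# Constructed sample reply, not captured traffic: one laptop hosting two instances.
_PAYLOAD = (b"ServerName;CONTRACTOR-LT;InstanceName;MSDE;IsClustered;No;"
            b"Version;8.00.194;tcp;1433;;"
            b"ServerName;CONTRACTOR-LT;InstanceName;SP3INST;IsClustered;No;"
            b"Version;8.00.760;tcp;2433;;")
SAMPLE_REPLY = b"\x05" + len(_PAYLOAD).to_bytes(2, "little") + _PAYLOAD

def parse_ssrp_response(data: bytes) -> list:
    """Decode one SVR_RESP datagram: 0x05, 2-byte LE length, then ASCII
    key;value pairs with ';;' closing each instance record."""
    if len(data) < 3 or data[0] != SVR_RESP:
        raise ValueError("not an SSRP server response")
    length = int.from_bytes(data[1:3], "little")
    payload = data[3:3 + length].decode("ascii", errors="replace")
    instances = []
    for record in payload.split(";;"):
        fields = record.strip(";").split(";")
        if len(fields) < 2:
            continue  # empty chunk after the final ';;'
        instances.append(dict(zip(fields[0::2], fields[1::2])))
    return instances

def needs_attention(instance: dict) -> bool:
    """True for a SQL Server 2000 / MSDE 2000 build below SP3 (fix shipped in SP3)."""
    parts = instance.get("Version", "").split(".")
    if len(parts) < 3 or parts[0] != "8" or not parts[2].isdigit():
        return False  # not the SQL Server 2000 code line
    return int(parts[2]) < SP3_BUILD

def discover(hosts, timeout=2.0):
    """Send CLNT_UCAST_EX to each host and log every instance that answers."""
    found = []
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        for host in hosts:
            try:
                sock.sendto(CLNT_UCAST_EX, (host, SSRP_PORT))
                data, (src, _) = sock.recvfrom(65535)
            except OSError:
                continue  # nothing listening on UDP/1434 here
            for inst in parse_ssrp_response(data):
                inst.update(Host=src, NeedsAttention=needs_attention(inst))
                found.append(inst)
    return found
```

Run `discover` against a list of addresses from your own asset inventory; a build between SP2 (8.00.534) and SP3 may carry the MS02-039 hotfix and still deserves a manual check.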

  • I know of a local company that has lots (30+) MSDE installations all on RTM or SP1. I've warned them a couple times about what will happen if Slammer gets into their environment, but....

    Gail Shaw
    Microsoft Certified Master: SQL Server, MVP, M.Sc (Comp Sci)
    SQL In The Wild: Discussions on DB performance with occasional diversions into recoverability

    We walk in the dark places no others will enter
    We stand on the bridge and no one may pass
  • I remember slammer well.

    I was on vacation for a week, and I got back to find it had hit our network.

    The only 2 servers not affected were ones I managed.

    I guess I was fortunate to have kept current on patches.

    It was very interesting to see how many unpatched servers were on our network.

    One good thing that did come out of it - they did come out with a more uniform patching policy.

    Greg E

  • Oh I remember it quite well. I was watching CNN first thing in the morning and they were talking about it... then.. the phone rings.... Houston we have a problem.... I spent all day at work patching the affected ones. We had a handful to patch.

  • It turned out to be a great day in history - had it not happened, would SQL Server and Windows Server be so good today?

    It didn't affect us. We were on Sybase ASE (on Solaris) for RDBMS. Validated our decision not to jump on the Windows Server bandwagon. We had Windows on the desktop, but the files and dbs were stored on Unix. The MS server products were amateurish.

    Seven years later, it's mostly SQL Server 2005/8. I'd like to be rid of Sybase ASE - great product, but SQL Server is better and cheaper. What happened?

    MS woke up. Slammer told them to stop laughing when customers mention security and networking. That they really could learn something from the people who had been doing it for years.

    And they did a great job of it - while improving many other aspects of SQL Server 2008.

    I was never a "hater". MS just wasn't very good back then (yet was very arrogant about "the vision"). Today, SQL Server 2008 64bit is my #1 choice for so many reasons.

    Roger L Reid

  • One side of me wants to say this should no longer be an issue. The realist side of me realizes that there are so many SQL installs out there that are unpatched or even in RTM still. The real issue should be to get people to patch their servers and SQL installs appropriately.

    Jason...AKA CirqueDeSQLeil
    _______________________________________________
    I have given a name to my pain...MCM SQL Server, MVP
    SQL RNNR
    Posting Performance Based Questions - Gail Shaw
    Learn Extended Events

  • Roger L Reid (10/25/2010)
    It turned out to be a great day in history - had it not happened, would SQL Server and Windows Server be so good today?

    It didn't affect us. We were on Sybase ASE (on Solaris) for RDBMS. Validated our decision not to jump on the Windows Server bandwagon. We had Windows on the desktop, but the files and dbs were stored on Unix. The MS server products were amateurish.

    Seven years later, it's mostly SQL Server 2005/8. I'd like to be rid of Sybase ASE - great product, but SQL Server is better and cheaper. What happened?

    MS woke up. Slammer told them to stop laughing when customers mention security and networking. That they really could learn something from the people who had been doing it for years.

    And they did a great job of it - while improving many other aspects of SQL Server 2008.

    I was never a "hater". MS just wasn't very good back then (yet was very arrogant about "the vision"). Today, SQL Server 2008 64bit is my #1 choice for so many reasons.

    You are aware that Slammer took advantage of a security hole that Microsoft had issued a patch for over a year before Slammer hit, right? The only systems affected were ones where people hadn't patched in over a year.

    - Gus "GSquared", RSVP, OODA, MAP, NMVP, FAQ, SAT, SQL, DNA, RNA, UOI, IOU, AM, PM, AD, BC, BCE, USA, UN, CF, ROFL, LOL, ETC
    Property of The Thread

    "Nobody knows the age of the human race, but everyone agrees it's old enough to know better." - Anon

  • If I remember correctly that slammer patch did not come out long before it hit. SP3 just came out about two weeks before slammer and the patch was in SP3. We had not had a chance yet to put SP3 on anything as of yet.

    The problem was that you had to be at SP2 to apply the patch and it was a manual effort... take these files and cut and paste them into these directories. Right after that Microsoft delivered all patches as executables instead of the move this here and move that here...

  • My experience with Slammer was that all of my servers were up-to-date and had no problems. Like everyone else, our internet connections were down during the peak hours it was slamming everything, but nothing on our LAN.

    UNTIL one of the salespeople plugged his laptop into the LAN almost a year later, and brought the whole network in the building to a crashing halt. Turned out he had MSDE on the laptop and didn't even know it, and hadn't run any updates EVER, to Windows or anything else.

    Of course, it took two hours for our network people to nail down that the issue was his laptop, and then a few minutes to unplug it and get the network under control. His comment, "Yeah, I noticed the network went down when I plugged my laptop in. Didn't think anything of it. You know... it does the same thing when I plug it into my network at home. You think that might be related?" He was not joking.

    - Gus "GSquared", RSVP, OODA, MAP, NMVP, FAQ, SAT, SQL, DNA, RNA, UOI, IOU, AM, PM, AD, BC, BCE, USA, UN, CF, ROFL, LOL, ETC
    Property of The Thread

    "Nobody knows the age of the human race, but everyone agrees it's old enough to know better." - Anon

  • Wow - some education might be needed on that one.

    Jason...AKA CirqueDeSQLeil
    _______________________________________________
    I have given a name to my pain...MCM SQL Server, MVP
    SQL RNNR
    Posting Performance Based Questions - Gail Shaw
    Learn Extended Events

  • The night before/early AM we were doing a huge production deploy so about 25 IT people were in and one of the contractor's PCs had an unpatched MSDE and that spread it onto our network. It was amazing over the coming days how many people had MSDE installed on PCs and servers under desks.

  • Markus (11/2/2010)
    If I remember correctly that slammer patch did not come out long before it hit. SP3 just came out about two weeks before slammer and the patch was in SP3. We had not had a chance yet to put SP3 on anything as of yet.

    The problem was that you had to be at SP2 to apply the patch and it was a manual effort... take these files and cut paste them into these directories. Right after that Microsoft delivered all patches as executables instead of the move this here and move that here...

    I just double-checked. The patch had been out for 6 months, available from http://www.microsoft.com/technet/security/bulletin/MS02-039.mspx. Patch available 24 July 2002, Slammer hits the scene 25 Jan 2003.

    It's hard for me to blame Microsoft for lax security on this one. Yes, the buffer overflow vulnerability was their responsibility/fault, but they had issued a working patch months before the problem. Doesn't exonerate them, but does mean I don't vilify over it.

    - Gus "GSquared", RSVP, OODA, MAP, NMVP, FAQ, SAT, SQL, DNA, RNA, UOI, IOU, AM, PM, AD, BC, BCE, USA, UN, CF, ROFL, LOL, ETC
    Property of The Thread

    "Nobody knows the age of the human race, but everyone agrees it's old enough to know better." - Anon

  • I do remember now. The reason we had some unpatched ones was because we were still at SP1 due to purchased apps only had SP1 certified so we could not patch. Once this hit we patched some anyway and a few other touchy systems we worked with the vendor to apply SP2 and the patch.

    The unknown MSDEs running on laptops and some oddball servers were the ones that we had to find and patch. Those were a pain.

  • Yeah, there were (and are) problems with vendors specifying that you have to remain unpatched on supporting software like SQL Server.

    - Gus "GSquared", RSVP, OODA, MAP, NMVP, FAQ, SAT, SQL, DNA, RNA, UOI, IOU, AM, PM, AD, BC, BCE, USA, UN, CF, ROFL, LOL, ETC
    Property of The Thread

    "Nobody knows the age of the human race, but everyone agrees it's old enough to know better." - Anon
