January 25, 2003 at 1:48 am
We have seen a big problem with major latency due to SQL server scans according to upstream providers. Has anyone seen any issues or informations?!
Thanks,
Neil
January 25, 2003 at 3:49 am
Yes actually, our sysadmin scanned 1/2 gig of logs to figure out there is a new worm out there that is circulating .... and is written so well that it will fully saturate your pipe. There are massive ddos attacks that are mounted from this, then it tries to replicate.
January 25, 2003 at 4:39 am
Have you been able to find a resolution to cleaning the worm or a way of pinpointing what machines are infected and which aren't?
January 25, 2003 at 9:30 am
January 25, 2003 at 9:58 am
It attacks a vulnerability reported in MS02-039. Service Pack 3 includes the patch.
K. Brian Kelley
http://www.truthsolutions.com/
Author: Start to Finish Guide to SQL Server Performance Monitoring
http://www.netimpress.com/shop/product.asp?ProductID=NI-SQL1
K. Brian Kelley
@kbriankelley
January 25, 2003 at 10:06 am
does this affect sql server 7 also? or does it affect only sql 2000 machines
Paras Shah
Evision Technologies
Mumbai, India
Paras Shah
Evision Technologies
Mumbai, India
January 26, 2003 at 2:13 pm
The original commented vulnerability only reported that SQL Server 2000 versions were vulnerable. Block UDP port 1434 at the firewall to be safe.
K. Brian Kelley
http://www.truthsolutions.com/
Author: Start to Finish Guide to SQL Server Performance Monitoring
http://www.netimpress.com/shop/product.asp?ProductID=NI-SQL1
K. Brian Kelley
@kbriankelley
January 27, 2003 at 2:15 am
Hello,
We have had the same problem this week-end.
The resolution is to apply SP3 on MSSQL 2000, or Q323875 hotfix.
But, it should be a memory problem with the HotFix.
Alexis
DBA, Philip Morris
January 27, 2003 at 1:44 pm
I tried the hotfix, but it's not working on my XP box. I currently have SQL 2000 SP2 on it. Has anyone got it to work?
I'd try SP3, but we had a terrible time getting the MSDE SP2 merge modules, and I'm not convinced we can get them this time. If we can't get them for SP3, SP3 is not a solution for us.
Steve
Steve Miller
January 27, 2003 at 2:21 pm
There is also a standalone patch for this bug. Check out microsoft.com Q323875 hotfix.
Paras Shah
Evision Technologies
Mumbai, India
Paras Shah
Evision Technologies
Mumbai, India
January 28, 2003 at 12:20 pm
Look for MS02-061 there is an updated version that is a rollup of all prior and is in installer format so it's easy to fix.
Supposedly McAfee has a way to remove the virus, but if you patch the machine and reboot it's gone.
Note you MUST be at SP2 to apply this patch, it affects SQL2k and MSDE.
This patch brings you to the latest pre SP3.
KlK, MCSE
Edited by - kknudson on 01/28/2003 12:20:43 PM
KlK
Viewing 11 posts - 1 through 10 (of 10 total)
You must be logged in to reply to this topic. Login to reply