July 14, 2005 at 3:43 pm
Hi All
last week one of our servers behind firewall and aleon load balancer got sql worm attack ( as this esrver didnt have service pack but was behind firewall) due to some reasons. other sql servers and web server were also behind same firewall and submet and alteon load balancer .
we did remove the server from n/w rebuilt it and put it back with same external ip in same firewall and alteon architecture , somehow now we are experiencing some problems that one of web sites behind this firewall and on load balancers gets in accessible we tried to look for n/w faults/aletoen issues but failed to isolate anything
just has a doubt that If its sql worm still creating problems though we have checked other sql servers which are all patched and are fine and new one also . the new server is on same old Ip address . will chnaging IP address of sql server( the one which was compromised help?)
also ,pls guide any other things to be checked after sql worm has been removed
Thanks
Deepa
July 18, 2005 at 8:00 am
This was removed by the editor as SPAM
July 18, 2005 at 12:11 pm
Are you sure that you're patched to SP3a or greater? It sounds like the worm propogation is still going on and taking over all of the system resources. You can remove slammer or saphire using a tool available here:
http://securityresponse.symantec.com/avcenter/venc/data/w32.sqlexp.worm.html
Also ask your network people to block all internal access to UDP port 1434 as this is what that worm uses to propogate itself.
Hope this helps
My hovercraft is full of eels.
Viewing 3 posts - 1 through 2 (of 2 total)
You must be logged in to reply to this topic. Login to reply