May 22, 2002 at 1:13 pm
This goes back to the vulnerability that's been discussed before. There is at least one worm in the wild once again attacking SQL Server boxes by hitting TCP port 1433 and trying to log in as sa with a blank password.
Ensure all SQL Server boxes have an sa password set. The default on SQL Server 7 was a blank password.
For more details:
http://securityresponse.symantec.com/avcenter/venc/data/digispid.b.worm.html
SANS Analysis:
http://www.incidents.org/diary/diary.php?id_6
K. Brian Kelley
http://www.sqlservercentral.com/columnists/bkelley/
May 22, 2002 at 1:25 pm
May 23, 2002 at 4:57 am
Actually there are several excuses but none are any good. This should be the first thing you learn. Also audit your passwords for things like 'God', 'dog', 'cat', '1234', 'money', simple things, and you should be able to avoid password hacking for the most part. Always keep in mind SQL doesn't disable an account for failed attempts.
"Don't roll your eyes at me. I will tape them in place." (Teacher on Boston Public)
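The two checks the posts above call for (no blank sa password, and an audit for trivial passwords) can be run from the server itself. The script below is an added example and is not from the thread or from SQLServerCentral; it assumes a SQL Server 2008 or later instance, where sys.sql_logins, PWDCOMPARE and multi-row VALUES are available (on SQL Server 7/2000 the equivalent catalog is master.dbo.sysxlogins with name and password columns), and that it is run as a member of sysadmin. The weak-password list extends the reply's examples with two constructed entries, and the registry path and AuditLevel value for failed-login auditing are stated as an assumption in the comments.

```sql
-- Added audit script (not part of the original thread).
-- Assumes SQL Server 2008+ (sys.sql_logins, PWDCOMPARE, multi-row VALUES),
-- run by a sysadmin. On SQL Server 7/2000 query master.dbo.sysxlogins instead.

-- 1. SQL logins that still have a blank password: this is the exact condition
--    the worm relies on when it connects to TCP 1433 and logs in as sa.
SELECT name AS login_with_blank_password
FROM sys.sql_logins
WHERE PWDCOMPARE(N'', password_hash) = 1;

-- 2. Audit for the trivial passwords named in the reply, plus two
--    constructed additions ('sa', 'password') and "password = login name".
DECLARE @weak TABLE (pwd NVARCHAR(128) NOT NULL);
INSERT INTO @weak (pwd)
VALUES (N'God'), (N'dog'), (N'cat'), (N'1234'), (N'money'),
       (N'sa'), (N'password');               -- constructed additions

SELECT l.name, w.pwd AS matched_weak_password
FROM sys.sql_logins AS l
JOIN @weak AS w ON PWDCOMPARE(w.pwd, l.password_hash) = 1
UNION ALL
SELECT l.name, N'<same as login name>'
FROM sys.sql_logins AS l
WHERE PWDCOMPARE(l.name, l.password_hash) = 1
ORDER BY l.name;

-- 3. Remediation for a hit on sa: set a real password (placeholder below),
--    and, if nothing needs the sa login itself, disable it outright.
-- ALTER LOGIN sa WITH PASSWORD = N'<strong-password-placeholder>';
-- ALTER LOGIN sa DISABLE;

-- 4. Because SQL Server does not itself lock a login after failed attempts,
--    at least make the attempts visible: log failed logins to the error log.
--    Assumption: AuditLevel is the instance registry value SSMS writes for
--    "Login auditing" (2 = failed logins only, 3 = both); restart required.
EXEC master.dbo.xp_instance_regwrite
     N'HKEY_LOCAL_MACHINE',
     N'SOFTWARE\Microsoft\MSSQLServer\MSSQLServer',
     N'AuditLevel', REG_DWORD, 2;
```

Run sections 1 and 2 first; an empty result from both is what you want before a box is left listening on 1433. Section 4 only records the attempts, so pair it with a check of the SQL Server error log (failed logins show as error 18456) rather than treating it as a lockout.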
May 23, 2002 at 7:38 am
This reminds me of my Citadel days when one of the legal responses was, "Sir, no excuse, sir." There have been thousands of infections according to various sources, which is scary... a SQL Server exposed to the Internet, listening on the default port, with no sa password set. Yikes!
But one thing that does need to be kept in mind is MSDE is affected as well, so perhaps this explains some of the infections. Some programs can install MSDE. Office 2000 Server Extensions is a good example.
K. Brian Kelley
http://www.sqlservercentral.com/columnists/bkelley/