Re: MSQL Server and Slammer

From: Roger Wolter[MSFT] (rwolteronline@microsoft.com)
Date: 01/31/03


From: "Roger Wolter[MSFT]" <rwolteronline@microsoft.com>
Date: Fri, 31 Jan 2003 09:58:44 -0800


SQL Server 2000 SP3 will still listen on port 1434 UDP for incoming
connections, and it's also possible (or even probable) that some other machine
will try to connect to Port 1434 UDP to transfer the worm to you again. The
patch doesn't eliminate the use of 1434, it just ensures that the port can't
be used to attack your system with the worm.

-- 
This posting is provided "AS IS" with no warranties, and confers no rights.
"Marcel" <m.kollenaar@home.nl> wrote in message
news:b1eb1k$12e8sl$1@ID-34238.news.dfncis.de...
> Hi,
>
> I updated "Sql server Windows NT" running on a computer with XP Pro with the
> re-released hotfix from Microsoft. The strange thing is that when I started
> SQL server the first time after the update the firewall detected an
> immediate attempt for a connect to the internet 255.255.255.255:1434.
> Therefore I'm not so sure that the hotfix has helped. How can I check that
> this behaviour of the server is correct what I am seeing from my firewall?
>
> In my case the SQL-server has nothing to do on the internet. It's only a
> single user Accounting package what I am using. The program that uses
> SQL-server is working correctly after the update.
>
> Tia,
>
> Marcel
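
Added example, not part of the original posts: because a patched SQL Server 2000 still answers on UDP 1434, a defender can separate ordinary resolution lookups from oversized worm-style datagrams by message shape. The sketch assumes the request types and the 32-byte instance-name limit from Microsoft's published SQL Server Resolution Protocol (MS-SQLR) specification; the function names and sample datagrams are constructed here.

```python
from collections import Counter
from typing import Dict, Iterable, Tuple

MAX_INSTANCE_NAME = 32  # MS-SQLR: instance name is at most 32 bytes, NUL excluded
SINGLE_BYTE_REQUESTS = {0x02: "CLNT_BCAST_EX", 0x03: "CLNT_UCAST_EX"}
CLNT_UCAST_INST = 0x04  # followed by a NUL-terminated instance name


def classify(payload: bytes) -> Tuple[str, str]:
    """Return (verdict, detail) for one UDP payload addressed to port 1434."""
    if not payload:
        return ("malformed", "empty datagram")
    kind = payload[0]
    if kind in SINGLE_BYTE_REQUESTS:
        name = SINGLE_BYTE_REQUESTS[kind]
        if len(payload) > 1:
            return ("malformed", "%s with %d trailing bytes" % (name, len(payload) - 1))
        return ("ok", name)
    if kind == CLNT_UCAST_INST:
        instance = payload[1:].split(b"\x00", 1)[0]
        if not instance:
            return ("malformed", "CLNT_UCAST_INST without an instance name")
        if len(instance) > MAX_INSTANCE_NAME:
            return ("suspicious", "CLNT_UCAST_INST name is %d bytes" % len(instance))
        return ("ok", "CLNT_UCAST_INST")
    return ("unknown", "request type 0x%02x" % kind)


def summarize(datagrams: Iterable[Tuple[str, bytes]]) -> Dict[str, Counter]:
    """Count verdicts per source address so noisy senders stand out."""
    per_source: Dict[str, Counter] = {}
    for source, payload in datagrams:
        per_source.setdefault(source, Counter())[classify(payload)[0]] += 1
    return per_source


# Constructed sample traffic (documentation addresses, filler bytes only).
SAMPLES = [
    ("192.0.2.10", b"\x02"),                 # browse broadcast
    ("192.0.2.10", b"\x04MSSQLSERVER\x00"),  # lookup of one named instance
    ("198.51.100.7", b"\x04" + b"A" * 375),  # instance name far over 32 bytes
    ("198.51.100.7", b"\x04" + b"A" * 375),
    ("203.0.113.5", b"\x09"),                # type this sketch does not model
]

if __name__ == "__main__":
    for source, counts in summarize(SAMPLES).items():
        print(source, dict(counts))
```

A "suspicious" verdict on a patched server means the attempt arrived and was harmless, which matches the reply above: the port stays in use, only the flaw is closed.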

