I repeat ... Why does sql 2000 scream to the world ... how do you shut this thing up?

From: Ron (ron_at_physiologic.com.au)
Date: 10/13/03


Date: Mon, 13 Oct 2003 23:37:55 +1000

I have SQL7, have had for 3 years now, sitting behind a Sygate firewall, it
talks to a web server when asked to by the active server pages running on
the web server on the same machine ... a very simple setup. The firewall
shows no incoming, no outgoing and no attacks registered.
About 2 months ago I added SQL2000 to start to get the feel of it prior to
migrating all databases over. I have it at SP3a (2000.080.0760.00), have
ports 1434, 1433, and 2433 blocked in and out to the internet on firewall,
have disabled TCP/IP, have clicked 'hide server' ... and every time I start
SQL2000 by the next morning I've had up to 15 slammer worm attempts! Turn
it off for a few days (frustrated!) ... no slammer attempts.
What do you do to tell this thing to shut up until I ask it to provide data
for a web page (no ... I've never connected to it via a web site/page).

Panda suggested:
Have you done the following:

In Server Network Utility:
Change tcp/ip port or remove tcp/ip protocol
and/or enable Hide server option and remove all
protocols except one.

In enterprise manager. Right click on server
and go to properties. On Connections tab:
uncheck "Allow other servers...using RPC"

Answer - yes I have ... and

 ... still I only get slammer attempts when SQL2000 is running? I've
just been away for 10 days, SQL7 ran all that time ... not a slammer attempt
... turned it on last night and had 12 attempts by morning? This has
happened every time I've turned it on! The firewall reports SQL2000 has
outgoing info, yet the only enabled protocol is named pipes and connect to
other computers is unchecked ...
 ... so statistically it could be 'per chance'
but I think the title for this thread is accurate ... they haven't fixed the
'bug'

Who else runs 7 and 2000 on the same machine?

Any help appreciated ... or soon it'll be 'who wants a free copy of
SQL2000Ent ... but I suggest you put it on a standalone so your data stays
private!

ron


