Re: I repeat ... Why does sql 2000 scream to the world ... how do you shut this thing up?
From: Richard Waymire [MSFT] (rwaymi_at_online.microsoft.com)
Date: 10/13/03
- Previous message: Sue Hoegemeier: "Re: Why does sql 2000 scream to the world ... how do you shut this thing up?"
- In reply to: Ron: "I repeat ... Why does sql 2000 scream to the world ... how do you shut this thing up?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 13 Oct 2003 10:06:29 -0700
What I assume you're seeing is traffic on UDP port 1434. That's the network
listener service, used by SQL Server clients to find named instances of SQL
Server. It's completely normal for SQL Server to be periodically announcing
itself on this port.
If you apply SP3a to SQL Server 2000 that will eliminate the slammer
vulnerability, but SQL Server will still periodically announce itself over
UDP 1434 and that is not slammer, that's just SQL Server telling clients
about it's existence. That UDP service is one of the reasons you don't need
to specify anything besides "machine\instance" to connect to a SQL Server
named instance.
-- Richard Waymire, MCSE, MCDBA This posting is provided "AS IS" with no warranties, and confers no rights. "Ron" <ron@physiologic.com.au> wrote in message news:%23oOdt%23YkDHA.2616@TK2MSFTNGP11.phx.gbl... > I have SQL7, have had for 3 years now, sitting behind a Sygate firewall, it > talks to a web server when asked to by the active server pages running on > the web server on the same machine ... a very simple setup. The firewall > shows no incoming, no outgoing and no attacks registered. > About 2 months ago I added SQL2000 to start to get the feel of it prior to > migrating all databases over. I have it at SP3a (2000.080.0760.00), have > ports 1434, 1433, and 2433 blocked in and out to the internet on firewall, > have disabled TCP/IP, have clicked 'hide server' ... and every time I start > SQL2000 by the next morning I've had up to 15 slamnmer worm attempts! Turn > it off for a few days (frustrated!) ... no slammer attempts. > What do you do to tell this thing to shut up until I ask it to provide data > for a web page (no ... I've never connected to it via a web site/page). > > Panda suggested: > Have you done the following: > > In Server Network Utility: > Change tcp/ip port or remove tcp/ip protocol > and/or enable Hide server option and remove all > protocols except one. > > In enterprise manager. Right click on server > and go to properties. On Connections tab: > uncheck "Allow other servers...using RPC" > > Answer - yes i have ... and > > ... still I only get slammer attempts when SQL2000 is running? I've > just been away for 10 days, SQL7 ran all that time ... not a slammer attempt > ... turned it on last night and had 12 attempts by morning? This has > happened every time I've turned it on! The firewall reports SQL2000 has > outgoing info, yet the only enabled protocol is named pipes and connect to > other computors is unchecked ... > ... so statistically it could be 'per chance' > but I think the title for this thread is accurate ... they haven't fixed the > 'bug' > > Who else runs 7 and 2000 on the same machine? > > Any help appreciated ...or soon it'll be 'who wants a free copy of > SQL2000Ent ... but I suggest you put it on a standalone so your data stays > private! > > ron > >
- Previous message: Sue Hoegemeier: "Re: Why does sql 2000 scream to the world ... how do you shut this thing up?"
- In reply to: Ron: "I repeat ... Why does sql 2000 scream to the world ... how do you shut this thing up?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
