Re: Could not get into server instance

From: Steve Thompson (SteveThompson_at_nomail.please)
Date: 12/16/03

• Next message: Steve Thompson: "Re: Sql Server Service Manager"
• Previous message: Liddle Feesh: "Re: Installing MSDE - User Security Issues..."
• In reply to: Fox: "Could not get into server instance"
• Next in thread: Fox: "Re: Could not get into server instance"
• Reply: Fox: "Re: Could not get into server instance"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Date: Tue, 16 Dec 2003 11:21:34 -0500

As a very first step -- scan your computer for virus or Trojans, I think you
may have a serious exploit on your hands.

Steve

"Fox" <fox @ connexions .net> wrote in message
news:e9HspB2wDHA.2408@tk2msftngp13.phx.gbl...
> Hi,
>
> I ran Enterprise manager, but I could not get into my
> server. It said that it was not running or to check '
> the config, which is fine and is Windows Only Authentication.
>
> Here is the weird and scary part. ZoneAlarm had an alert
> at the same time. The alert was asking for Management Console
> to use USERINIT.EXE to access 192.5.6.30DNS.
> This resolves to a.gtld-servers.net which is part of Verisign.
> I refused this outbound access and kept retrying to get into
> my server in Enterprise. No luck. I then decided to go ahead
> and give outbound access. Next time I tried to get into
> my server I was able to.
>
> Does anyone know what's up?
>
> I figured that maybe I should change all my logins?
> But, does this show that there is a breach of my system?
>
> There has been another odd thing where WSCRIPT.EXE has
> been asking for access to DNS servers. That I keep blocked.
> I am pretty sure that is a trojan, but do you think this is this related ?
>
> Thanks for any advice.
> Fox
>
>

---

• Next message: Steve Thompson: "Re: Sql Server Service Manager"
• Previous message: Liddle Feesh: "Re: Installing MSDE - User Security Issues..."
• In reply to: Fox: "Could not get into server instance"
• Next in thread: Fox: "Re: Could not get into server instance"
• Reply: Fox: "Re: Could not get into server instance"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: Could not get into server instance ... >> I ran Enterprise manager, but I could not get into my ... The alert was asking for Management Console ... >> I refused this outbound access and kept retrying to get into ... >> my server in Enterprise. ... (microsoft.public.sqlserver.security) Could not get into server instance ... I ran Enterprise manager, but I could not get into my ... The alert was asking for Management Console ... I refused this outbound access and kept retrying to get into ... my server in Enterprise. ... (microsoft.public.sqlserver.security) Re: BlackICE & SQL Slammer ... You have very limited control of outbound access with BI. ... the other personal firewalls adding this type of feature and hopefully ISS ... someone opening a server to the internet, that server is their big hole, and ... (comp.security.firewalls) Re: TROJ_AGENT.ALL ... >>Trojans are spread by the stupidity of people downloading haphazardly crap ... >>Trojans are NOT viruses and don't replicate. ... as I have a web server that has been compromised twice by ... You should ensure your SQL server is constrained to ... (alt.computer.security) Re: Unrestricted Outbound Web Server Access Opinion ... the main problem with unrestricted outbound access is the one ... Once the security of the server is compromised, ... easier to transfer data from/to the server. ... (Security-Basics)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Newsgroups  > microsoft.public.sqlserver.security  > 2003-12