Re: MYSQL Question
- From: "Sam Hobbs" <samuel@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Thu, 26 Jan 2006 23:53:20 -0800
Are you absolutely sure it is "schost.exe"? My guess is that it is
"svchost.exe", so if you searched for information about "schost.exe", but it
is it is "svchost.exe", then you would not find anything useful.
If it is "svchost.exe", the search the Technet for "svchost" to get a
general understanding of what it is.
"JS" <no@xxxxxxxx> wrote in message
news:uSeMDbuIGHA.3176@xxxxxxxxxxxxxxxxxxxxxxx
> Hello All:
>
> Don't know where else to post this so i am hoping someone here might have
> some info. Early this afternoon, we noticed a spike in our bandwidth. A
> closer look show one of our web servers in the DMZ as the culprit. Looking
> at the connections to this server, I found hundreds of connections to a
> process ...schost.exe on port 1429 connecting to distant machines aall
> running mysql.
>
> This is obviously some sort of worm or DOS launched from or against my box
> and I am just trying to find come information on it. The server is running
> windows 2000, IIS5.0, PHP4.83 ....is up to date on all patches and running
> NAV CORP edition with latest Defs.
>
> I need to find out how this worm got dropped and a little more information
> on it and am coming up blank so far. Any information would be appreciated.
>
> Thanks
>
.
- Follow-Ups:
- Re: MYSQL Question
- From: JS
- Re: MYSQL Question
- References:
- MYSQL Question
- From: JS
- MYSQL Question
- Prev by Date: Re: Denial of Service: BINARY_CHECKSUM of TEXT column hangs CPU: SQL 2K SP4
- Next by Date: Re: Backup security
- Previous by thread: MYSQL Question
- Next by thread: Re: MYSQL Question
- Index(es):
Relevant Pages
|
|
