Re: ANNOUNCEMENT: New SQL Server security tool - SQL Server 2000 Scan Tool

From: Karl Levinson [x y] mvp (jamescagney90210@excite.com)
Date: 01/31/03 

From: "Karl Levinson [x y] mvp" <jamescagney90210@excite.com>
Date: Thu, 30 Jan 2003 20:11:43 -0500

While I would understand if there was a legal reason for doing so, I share
the disappointment that this tool requires domain privileges. For the large
environment I support, this makes the eeye.com tool much more useful for me,
though I am limited there in that I can't scan the entire class B network
very easily at all.

"Jerry Bryant [MSFT]" <jbryant@online.microsoft.com> wrote in message
news:eB4H16LyCHA.2648@TK2MSFTNGP11...
> Check the docs there. There are more than one scanning tools:
>
> SQL Scan will scan a computer, a domain or a range of IP addresses.
>
> SQL Check scans the local machine
>
> The third tool available, SQL Critical Update, scans the computer on which
> it is running for instances of SQL Server 2000 and MSDE 2000 that are
> vulnerable to the Slammer worm, updating the affected files. SQL Critical
> Update runs on computers running Windows NT 4.0 or higher.
>
>
> --
> Regards,
>
> Jerry Bryant - MCSE, MCDBA
> Microsoft IT Communities
>
> Get Secure! www.microsoft.com/security
>
>
> This posting is provided "AS IS" with no warranties, and confers no
rights.
> "neo techopolis" <ne0@collusion.org> wrote in message
> news:4db46b8d.0301301358.1bcf0b9c@posting.google.com...
> > It only scans the HOST? Are you kidding? You've had DAYS to work on
> > this and you produce this utility. There are tons of REAL tools out
> > there to help diagnose vulnerability posture. Try eEye's Sapphire
> > worm scanner.
(http://www.eeye.com/html/Research/Tools/SapphireSQL.html)
> > The freeware version scans 256 IP's at a time. HFNetCheck has a
> > similar scanner but it only checks registry keys (eg you must have
> > administrative priv's). eEye's is the only one I know of that figured
> > out how to do this w/out admin priv's and it's a bit more accurate
> >
> > "Jerry Bryant [MSFT]" <jbryant@online.microsoft.com> wrote in message
> news:<OgkKKfHyCHA.2916@TK2MSFTNGP09>...
> > > Please read below for information about this tool. For discussions on
> this
> > > tool, please go to:
> > >
> > > microsoft.public.sqlserver.securitytools
> > >
> > > --
> > > Regards,
> > >
> > > Jerry Bryant - MCSE, MCDBA
> > > Microsoft IT Communities
> > >
> > > Get Secure! www.microsoft.com/security
> > >
> > >
> > > This posting is provided "AS IS" with no warranties, and confers no
> rights.
> > > "Euan Garden[MS]" <euang@online.microsoft.com> wrote in message
> > > news:uKNPW2CyCHA.2196@TK2MSFTNGP10...
> > > > SQL Server 2000 SQL Scan Tool (SQL Scan)
> > > > This utility scans an individual computer, a Windows domain, or a
> range of
> > > > IP addresses for instances of SQL Server 2000 and MSDE 2000, and
> > > identifies
> > > > instances that may be vulnerable to the Slammer worm. SQL Scan runs
on
> > > > computers running Windows 2000 or higher and can identify instances
> > > running
> > > > on Windows NT 4.0, Windows 2000, or Windows XP.
> > > >
> > > > http://www.microsoft.com/sql/downloads/securitytools.asp
> > > >
> > > > Please direct any questions you have on this tool to
> > > > microsoft.public.sqlserver.securitytools or to Microsoft Product
> Support
> > > > Services.
> > > >
> > > > --
> > > > -Euan
> > > >
> > > > Please reply only to the newsgroup so that others can benefit. When
> > > posting,
> > > > please state the version of SQL Server being used and the error
> > > number/exact
> > > > error message text received, if any.
> > > >
> > > > This posting is provided "AS IS" with no warranties, and confers no
> > > rights.
> > > >
> > > >
> > > >
>
> 

---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.449 / Virus Database: 251 - Release Date: 1/27/2003

Relevant Pages

  • Re: ANNOUNCEMENT: New SQL Server security tool - SQL Server 2000 Scan Tool
    ... the disappointment that this tool requires domain privileges. ... > SQL Scan will scan a computer, a domain or a range of IP addresses. ... >> worm scanner. ... > rights. ...
    (microsoft.public.security)
  • Re: ANNOUNCEMENT: New SQL Server security tool - SQL Server 2000 Scan Tool
    ... the disappointment that this tool requires domain privileges. ... > SQL Scan will scan a computer, a domain or a range of IP addresses. ... >> worm scanner. ... > rights. ...
    (microsoft.public.windowsxp.security_admin)
  • Re: Understanding SQL and Microsoft GP
    ... You shouldn't even need DBO rights. ... DBA and having him profile a session where the Excel reports are being run. ... SQL Server MVP ... access to SQL server because I have no database knowledge. ...
    (microsoft.public.sqlserver.security)
  • Re: SQL/User Account
    ... This posting is provided "AS IS" with no warranties, and confers no rights. ... "RAJ" wrote in message ... SQL Server Service Manager indicated SQL ...
    (microsoft.public.sqlserver.security)
  • Re: Vista hosting XPe tools/db
    ... SQL Express isn't installing that should be there. ... This posting is provided "AS IS" with no warranties, and confers no rights. ... Yes - I'm running the script on a machine that has SQL 2005 Express SP1 ... Although I managed to install the SP1 database with no errors, ...
    (microsoft.public.windowsxp.embedded)