[THIN] Re: SQL Attack question
- From: Henry Sieff <hsieff@xxxxxxxxxxxx>
- To: "'thin@xxxxxxxxxxxxx'" <thin@xxxxxxxxxxxxx>
- Date: Mon, 27 Jan 2003 09:36:32 -0600
1) Definitely install latest patches on SQL server.
2) You want to start silently dropping UDP 1434 on all interfaces of the
router. Logging the packets will cause CPU overload for the next few days.
Ideally, you want to route those packets to Null, instead of taxing your
router with actually processing an ACL to drop it,
We actually weren't much affected by it, but I am seeing increased latency
in our connections to our remote clients today.
Henry
> -----Original Message-----
> From: Jim Kenzig http://thethin.net [mailto:jimkenz@xxxxxxxxxxxxxx]
> Sent: Saturday, January 25, 2003 10:41 PM
> To: thin@xxxxxxxxxxxxx
> Subject: [THIN] Re: SQL Attack question
>
>
>
> Yep,
> My router was going bonkers this morning. I was unable to access the
> internet from any machines on my network. I unplugged my web
> servers network
> cable and it stopped instantly and I was able to access the
> internet fine
> from you other machines.
>
> If you have an sql server you absolutely need to either get
> the patch (which
> is a pain in the but to install because it is not automatic
> install) or
> install SQL 2000 SP3.
>
> Installing SP3 went without a hitch for me. I backed up all
> my databases,
> shut down all the antivirus, web services and sql services before I
> installed it and it went fine.
>
> JK
>
> -----Original Message-----
> From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx]On
> Behalf Of Michael Boggan
> Sent: Saturday, January 25, 2003 11:19 PM
> To: 'THIN'
> Subject: [THIN] SQL Attack question
>
>
> Over the last few days we have had 2 of our Dell Powerconnect switches
> "lock" up. They stopped passing any kind of traffic. The
> only way to fix
> this was to unplug them to reset them. Could this be caused
> by this latest
> DoS attack? Or has anyone else seen this problem before?
>
> _________________________________
>
> Michael Boggan
> Network Engineer/Citrix Admin
> Virtual Desktop Inc.
> Dallas, Texas
> Ph: (972) 960-6400
> Fax: (972) 960-6445
> email: mboggan@xxxxxxxxxxx
> <http://www.virtualdesktopinc.com/> http://www.virtualdesktopinc.com
> _________________________________
>
> For Technical Support please send email to support@xxxxxxxxxxx
> <mailto:support@xxxxxxxxxxx>
>
>
>
> ********************************************************************
> This Week's Sponsor: RTO Software - TScale
> TScale increases Terminal Server capacity. Get 30-40% more users per
> server to save $$$ and time. Add users now! - Not more servers.
> If you're using Citrix, you must learn about TScale!
> Free 30-day eval: http://www.rtosoft.com/Enter.asp?ID=79
> *********************************************************************
>
> For Archives, to Unsubscribe, Subscribe or
> set Digest or Vacation mode use the below link:
> http://thethin.net/citrixlist.cfm
>
> ********************************************************************
> This Week's Sponsor: RTO Software - TScale
> TScale increases Terminal Server capacity. Get 30-40% more users per
> server to save $$$ and time. Add users now! - Not more servers.
> If you're using Citrix, you must learn about TScale!
> Free 30-day eval: http://www.rtosoft.com/Enter.asp?ID=79
> *********************************************************************
>
> For Archives, to Unsubscribe, Subscribe or
> set Digest or Vacation mode use the below link:
> http://thethin.net/citrixlist.cfm
>
********************************************************************
This Week's Sponsor: RTO Software - TScale
TScale increases Terminal Server capacity. Get 30-40% more users per
server to save $$$ and time. Add users now! - Not more servers.
If you?re using Citrix, you must learn about TScale!
Free 30-day eval: http://www.rtosoft.com/Enter.asp?ID=79
*********************************************************************
For Archives, to Unsubscribe, Subscribe or
set Digest or Vacation mode use the below link:
http://thethin.net/citrixlist.cfm
Other related posts: