The easiest way to avoid this is to close port 1433 in the firewall except from relevant IP addresses. We only allow connections from our office and if someone is offsite they have to either tunnel into the production environment or tunnel into the office to access the SQL servers. I would never leave critical services exposed from any WAN IP.
Justin > -----Original Message----- > From: Jon Hall [mailto:[EMAIL PROTECTED]] > Sent: Tuesday, May 21, 2002 8:30 PM > To: CF-Talk > Subject: Re: mySQL vs. Access or MSDE (worm note) > > What about Access 2002? Does it include MSDE and does it > listen on port 1433 > as a default? We started to see a lot of invalid logins to > our SQL Servers > last night.... I was thinking what kind of SQL Admin in their > right mind > would leave the sa password blank, certainly there can't be that many > irresponsible SQL Admins out there, but if these are MSDE > installations > getting infected it makes more sense.... > > jon > ----- Original Message ----- > From: "chad" <[EMAIL PROTECTED]> > To: "CF-Talk" <[EMAIL PROTECTED]> > Sent: Tuesday, May 21, 2002 5:23 PM > Subject: RE: mySQL vs. Access or MSDE (worm note) > > > > I should have mentioned it in my last post about the MS SQL worm. > > > > Starting with Access 2000, Microsoft began to ship a > stripped down version > > of SQL Server called Microsoft SQLServer Desktop Edition > (MSDE). It was > not > > installed by default in an Access 2000 install, but was > available as an > > add-on on the installation disks. If installed, no password > is set for the > > SA account. > > > > > > > ______________________________________________________________________ Structure your ColdFusion code with Fusebox. Get the official book at http://www.fusionauthority.com/bkinfo.cfm FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Archives: http://www.mail-archive.com/[email protected]/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
