This would be a function of your firewall. Only allow trusted hosts to connect to UDP 1433-1434 and 'drop' all other attempts.
Thank You, Jeffrey Larson Senior LAN Technician Michigan Millers Mutual Ins. (517) 371-7726 CCNA Network+ <mailto:[EMAIL PROTECTED]> ############################################################################ ############################### This e-mail and any files transmitted with it may contain confidential and/or proprietary information. It is intended solely for the use of the individual or entity who is the intended recipient. Unauthorized use of this information is prohibited. If you have received this in error, please contact the sender by replying to this message and delete this material from any system it may be on. ############################################################################ ################################# -----Original Message----- From: Hayes, Bill [mailto:[EMAIL PROTECTED]] Sent: Monday, January 27, 2003 10:48 AM To: Rouland, Chris (ISSAtlanta); [EMAIL PROTECTED] Subject: RE: [ISSForum] SQL Slammer I just had a discussion with RealSecure Tech support on this one about 10 days ago. We began to see SQL_SSRP_BO about 15 days ago. Since this was a udp-based attack, RSKILL is not possible. Is there some way to set up a response for SQL_SSRP_BO so that the attacking host is banned? Bill... -----Original Message----- From: Rouland, Chris (ISSAtlanta) [mailto:[EMAIL PROTECTED]] Sent: Sunday, January 26, 2003 2:28 PM To: Christopher Lyon; [EMAIL PROTECTED] Subject: RE: [ISSForum] SQL Slammer Christopher, The RealSecure network sensor signature that shipped in RealSecure XPUs 20.4/5.3 on 9/17/02 which detects the exploit being used by the SQL Slammer worm is named SQL_SSRP_StackBo. -Chris -----Original Message----- From: Christopher Lyon [mailto:[EMAIL PROTECTED]] Sent: Sunday, January 26, 2003 4:37 AM To: [EMAIL PROTECTED] Subject: [ISSForum] SQL Slammer According to ISS' home page the sensors can detect this as of September 2002. I did a search for it on the signature base that I have but can't seem to find it. I tried both Slammer and SQLExp. Does it use a different name? _______________________________________________ ISSForum mailing list [EMAIL PROTECTED] TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to https://atla-mm1.iss.net/mailman/listinfo _______________________________________________ ISSForum mailing list [EMAIL PROTECTED] TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to https://atla-mm1.iss.net/mailman/listinfo _______________________________________________ ISSForum mailing list [EMAIL PROTECTED] TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to https://atla-mm1.iss.net/mailman/listinfo _______________________________________________ ISSForum mailing list [EMAIL PROTECTED] TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to https://atla-mm1.iss.net/mailman/listinfo
