Actually there is a worm that's attacking M$ SQL server. On the netstorm site about a week ago it was taking up approx 1/2 of net traffic.
Can't remember the name of but I remember that if you're running SQL server you had better be running the latest patches.... On Tue, 18 Jun 2002 21:16, Jeremy Bertenshaw wrote: > There was a new vulnerability discovered for mssql a coupla > weeks ago, allowed execution of arbitrary code etc... all the > usuals :-) > > jeremyb. > > -----Original Message----- > From: Chris Hellyar [mailto:[EMAIL PROTECTED]] > Sent: Tuesday, 18 June 2002 9:02 p.m. > To: Michael Beattie; [EMAIL PROTECTED] > Subject: firewall logs, was :Re: Apache vulnerability > > > Not really a Linux topic, but while we're on the subject of > vulnerabilities.. Someone obviously thinks my server is an IIS machine > with MS-SQL on it, as in the last 24 hours I've had 1210 logged attempts at > connecting, and my firewall logging is rate limited... All of them from a > Chinese netblock. > > Obviously something is rotten in the state of sql for someone to try that > many times.. Very odd though, as I've never run IIS. Anyone else seeing > lots of these packets? ie: is this script kiddies scanning netblocks a > lot, or does someone thing I'm running ms-sql? > > They are tcp syn packets, dst port of 1433, largeish ttl's (104 - 120) and > 48 bytes long. > > Cheers, me. > > ----- Original Message ----- > From: "Michael Beattie" > > > On Tue, Jun 18, 2002 at 12:45:27PM +1200, Chris Hellyar wrote: > > > No patch yet either, Man the pumps! :-). > > > > http://cvs.apache.org/viewcvs.cgi/apache-1.3/src/main/http_protocol.c > > > > Mike. > > -- > > Michael Beattie <[EMAIL PROTECTED]> > > > > "In the beginning the Universe was created. This has made a lot of people > > very angry and been widely regarded as a bad move." - Douglas Adams
