Since it seems that both MS SQL Server and MSDE are vulnerable to the Slammer exploit (if unpatched), one would think that the most obvious first approach would be to see if anything is actually listening on UDP 1434. Given the issues that can arise w/ a remote nmap scan of a system, perhaps the most obvious approach would be to run netstat and/or fport on the system in question. This should tell you pretty definitively whether or not something is even listening on the port in question.
__________________________________________________ Do you Yahoo!? Yahoo! Shopping - Send Flowers for Valentine's Day http://shopping.yahoo.com
