Status
Not open for further replies.
1 - 7 of 7 Posts

· Premium Member
Joined
·
1,615 Posts
...and this is also known as: SQL Slammer Worm, DDOS.SQLP1434.A, W32/SQLSlammer, Slammer, W32/SQLSlam-A.

Here is a link for directions and where to download the patch (from Microsoft):
http://www.microsoft.com/sql/downloads/2000/sp3.asp

And this is from Norton:

Removal Tool
Symantec has provided a tool to remove infections of W32.SQLexp.Worm. This is the easiest way to remove this threat and should be tried first. Because the worm is only resident in memory, and is not written to disk, this threat is not detectable using virus definitions. Customers are recommended to follow the measures described in this document in order to deal with this threat.
http://securityresponse.symantec.com/avcenter/venc/data/w32.sqlexp.worm.removal.tool.html

cert.org is also reporting that Microsoft SQL Server 7.0, Microsoft SQL Server 2000 and Microsoft SQL Server Desktop Engine 2000 are also affected.
 

· Premium Member
Joined
·
1,615 Posts
I don't believe so, only ones reported so far are meekrosofts SQL serv. 2k and MS. Desktop Engine 2k... I'm not that familiar with mysql3 for linux... I think you should be pretty safe since this worm exploits a flaw found earlier in M$ SQL server... SQL serv. 2k has the ability to host more than one SQL server instance on one machine. The problem is, if you have more than one SQL server on one machine, they cannot listen on the same port. One can listen on port TCP 1433. All the other instances will need to listen on any other port assigned to them dynamically. This worm exploits the SQL Server Resolution Service on UDP port 1434. This service is used when a SQL client wants to connect to one of those other instances running; it calls up the resolution service, which tells it on which port this other instance of the server is running... Slammer constantly tries to connect to randomly generated IPs hoping that it will hit a similar SQL server that is unpatched... it sends 376 bytes constantly to port 1434, creating lots of traffic and generating DoS at the same time.

HTH :)


uum...heh...anyone notice this thread is not under security or anti-virus....oh well.... :brush:
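
The traffic pattern described in the post above (376-byte datagrams to UDP port 1434 sent to many random addresses) can be turned into a simple flow-log check. This is an added example, not code from the thread; the record format, the function names and the thresholds (`min_targets`, `window`) are assumptions, and the sample records are constructed.

```python
from collections import defaultdict

SSRS_PORT = 1434     # SQL Server Resolution Service (UDP), per the post
SLAMMER_LEN = 376    # bytes sent per datagram, per the post (assumed to be payload length)

# Constructed sample flow records: "epoch_seconds src dst proto dport payload_len"
SAMPLE_FLOWS = """\
1000.00 10.0.0.5 192.0.2.10 udp 1434 376
1000.01 10.0.0.5 198.51.100.7 udp 1434 376
1000.02 10.0.0.5 203.0.113.99 udp 1434 376
1000.03 10.0.0.5 192.0.2.200 udp 1434 376
1000.04 10.0.0.5 198.51.100.33 udp 1434 376
1000.50 10.0.0.8 10.0.0.20 udp 1434 1
1002.00 10.0.0.7 10.0.0.20 udp 1434 376
1002.10 10.0.0.7 10.0.0.20 udp 1434 376
not a flow record
"""

def parse_flow(line):
    """Return (ts, src, dst, proto, dport, length), or None if malformed."""
    parts = line.split()
    try:
        ts, src, dst, proto, dport, length = parts
        return float(ts), src, dst, proto.lower(), int(dport), int(length)
    except ValueError:
        return None

def slammer_like_sources(lines, min_targets=4, window=5.0):
    """Map each source that sent 376-byte UDP/1434 datagrams to at least
    min_targets distinct destinations within `window` seconds to that count."""
    hits = defaultdict(list)                      # src -> [(ts, dst), ...]
    for line in lines:
        rec = parse_flow(line)
        if rec and rec[3] == "udp" and rec[4] == SSRS_PORT and rec[5] == SLAMMER_LEN:
            hits[rec[1]].append((rec[0], rec[2]))
    flagged = {}
    for src, events in hits.items():
        events.sort()
        best = start = 0
        for end in range(len(events)):            # sliding time window
            while events[end][0] - events[start][0] > window:
                start += 1
            best = max(best, len({dst for _, dst in events[start:end + 1]}))
        if best >= min_targets:
            flagged[src] = best
    return flagged

if __name__ == "__main__":
    print(slammer_like_sources(SAMPLE_FLOWS.splitlines()))
```

A host that repeatedly hits one destination, or sends a different payload size to port 1434, is not flagged; only the fan-out to many distinct addresses is.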
 