Woohoo! All hacked SQL Servers are doing a massive DoS!!!

Mucman

Glad MS's new security focus is coming through :p

btw, I now believe mixing web-hosting and Internet access is a big no no :)

So far our 2 SQL Servers have not made a blip, but 3!!!! of our Internet customers have hacked machines.

Probably going to try blocking destination port 1433, but I am not sure that will alleviate all the congestion on our network.
 

skyking

It knocked out DNS on my little ISP, that is for sure. MSN Messenger is down, too. I just got DNS back a few minutes ago.
 

Soybomb

We've been getting DoS'ed so much lately that I'm used to tons of latency at night so I didn't even think otherwise of it ;)
 

paperfist

Oh, this would explain why port 1434 has been scanned on my machine a billion times! Here I thought my ISP was providing poor service again ;)
 

Oaf357

Hmm... this isn't good. I tell you what. I'm definitely seeing the ill effects of the world's poor choice in software.
 

Mucman

Originally posted by: Oaf357
Hmm... this isn't good. I tell you what. I'm definitely seeing the ill effects of the world's poor choice in software.

Oh come on Oaf357! So far you have been a good addition to the forums. Please do not spoil it by becoming an anti-MS troll :)

<--- note, I run 7 FreeBSD boxes at home :)

 

Hoober

Originally posted by: Saltin
This exploit has had a patch available since May 2002.

What's funny are all the DBAs that don't patch their servers...
 

Scarpozzi

Originally posted by: spidey07
nobody patches their servers. Just a sad fact of life.
I don't care for remarks like that. :p I run 4 SQL servers and none of them have been infected as of yet. However, there are 3 others on the network that we're slowly weeding out today. I hate it when I have to be at work on a weekend....though I certainly don't have to be. My servers are working, this is a 'network' issue now. :)
 

spidey07

It's never the network's fault. Network does what it's supposed to do, must be a host problem. :)

I'll amend my statement..

"Most people do not patch their servers regularly, especially when said patch breaks whatever fubarred application is running on it"



:D
 

Hoober

Originally posted by: spidey07
It's never the network's fault. Network does what it's supposed to do, must be a host problem. :)

I'll amend my statement..

"Most people do not patch their servers regularly, especially when said patch breaks whatever fubarred application is running on it"



:D

Though we did have a fileserver take a digger after a patch that was supposed to "improve" Mac filesharing.


Right....
 

Santa

I do believe there are legitimate concerns over patching right after a patch release but 6-7 months later is a bit long to determine if it is safe.

Trade offs to patching and perhaps breaking a good running process vs. getting hacked by the vulnerability that exists I suppose.

If there was some way to ensure that an update patch wouldn't break current running systems then there would be no excuse for not patching.

Granted there will still be the lazy administrators not worth a d@mn still messing it up for the rest of us.
 

Oaf357

Originally posted by: Mucman
Originally posted by: Oaf357
Hmm... this isn't good. I tell you what. I'm definitely seeing the ill effects of the world's poor choice in software.

Oh come on Oaf357! So far you have been a good addition to the forums. Please do not spoil it by becoming an anti-MS troll :)

<--- note, I run 7 FreeBSD boxes at home :)

Not a good addition. Okay, whatever. But, who are you to judge?

But, like the next poster said this "hole" has been out for over six months. I'm not an anti-MS troll, I use it at home. But, I believe that no "server" should ever be as weak as any Microsoft product actually is. MS is slowly sliding out of the server room and these attacks are one of the reasons why.
 

bozo1

In my experience, a lot of the unpatched servers out there are not really due to admins being incompetent. Many of these are put in place by outsourcing firms or 'consultants' who are hired by small companies to install something and then leave. Many of these companies have no onsite admins to do ongoing maintenance. These servers sit for years unattended until they break, at which point the companies call someone to fix them.

Another thing I see often is companies using a packaged product that uses SQL on the backend. Often these companies have no clue that they own a SQL server.
 

MysticLlama

Well, if this is true, it means that it *should* have been a lot lighter than it ended up being...

"It's been an all night operation here," said Matt Pilla, Microsoft Corp. spokesman. Slammer attacks a relatively old flaw in Microsoft's SQL Server, one found by researchers in July. But many systems were still unpatched when the worm began spreading late Friday night. Adding to Microsoft's headaches: the clogs in Internet traffic were still limiting access to Microsoft's Web site on Saturday, preventing some engineers from patching infected systems.

Microsoft on Saturday was still trying to determine the best advice for customers; the company could not confirm that the free patch issued in July was enough to protect systems against Slammer. Instead, the company was recommending a free service pack upgrade instead.

And looking at the SQL server site, SP3 has only been out for about a week. "Date Published: 1/17/2003 "
 

Saltin

But, like the next poster said this "hole" has been out for over six months. I'm not an anti-MS troll, I use it at home. But, I believe that no "server" should ever be as weak as any Microsoft product actually is. MS is slowly sliding out of the server room and these attacks are one of the reasons why.

This sort of crap is really getting old.
The fact of the matter is that there are just as many exploits for *nix, apache, etc etc, as there are for MS. You would know that if you worked professionally with Nix and Windows. Take a peek at bugtraq and you will see exactly what I mean.
ALL CODE HAS VULNERABILITIES.
The difference is MS products have a wide install base and thus make a good platform for launching attacks like this one.
Blanket statements like "MS is sliding out of the server room" are not accurate at all.
The server room is *Nix's to lose, not MS's.

And as for patching, I've worked with lots of *nix and Windows admins, and my experience has been that they are equally lazy when it comes to patching their machines. Some do, some don't. That's life.

There is nothing wrong with SQL as a DB app. It works and it works well. If it was an inferior product, it would never have reached the install base it has today.
 

Oaf357

Originally posted by: Saltin
Blanket statements like "MS is sliding out of the server room" are not accurate at all.
The server room is *Nix's to lose, not MS's.

You're right and wrong about that. I read two reports in the past week (from Google News) that basically stated Microsoft's numbers are stalling (sp?) if not declining. Especially in the web services department. So that's how you're wrong. You're right in the sense that it is *nix's to lose but the events of the past few days help build their case.

I subscribe to bugtraq by the way.

Another interesting article I read referred to a government run, centralized Internet (for the lack of a better word) support center. President Bush has actually recommended. What do you think of that?
 

spidey07

Fact remains that if you have servers exposed to the internet you DO NOT RUN WINDOWS.

buggy, security ridden crap. Sure SQL is a great database, but there are others that don't suffer from these same problems year after year that MS software does.

Sorry, off soapbox, but that's how I really feel.

-edit- thank goodness we're safe. firewall, IDS with these signatures, logging and no MS products accessible from the internet allow me to sleep at night.
 

Mucman

Oaf357. I hope you didn't take offense to what I said, because I didn't mean to offend. The Networking forum is the one forum where the "MS sucks" style 1-liner posts don't occur that often. I love to debate back and forth over the pluses and minuses of each platform, but the one liner such and such sucks response have gotten really old. :)

Spidey07, We have 18 Windows servers exposed, and 5 unix boxes (two are OpenBSD, 2 Red Hat, 1 Debian). In the 4 years this company has been doing business, there have been two machines hacked on our network. Both were Red-Hat boxes. We have not had 1 Windows box hacked/compromised. Why is that? We know how to administer Windows boxes. I don't have a clue how to administer RedHat boxes (My unix knowledge is limited to the BSD's).

Man, I am sounding very pro MS right now!!! I assure you I am on the fence (the place that the weak minded sit :)).