Knowledgebase
Slammer Attack
| Posted by boonchuan, 10-23-2010, 04:41 PM | | Apparently a colo customer did not patch his MS SQL 2000 properly with SP3a 818 build and above. He was "slammed". Problem is even when he patch to SP4 will it be safe to have him online? Will slammer install malicious codes? I am very hesitant to have the customer back again given the total irresponsibility of not even patching something that has a patch for 6 years.
|
| Posted by plumsauce, 10-23-2010, 05:12 PM | | It would be safer to backup the data, do a clean install off network, and then restore the data.
On the question of patching, the adminstrator often has a choice of a workaround or the patch. The workaround is often the better choice if the administrator is sufficiently skilled.
Slammer should not have been able to get on the box if it had been properly firewalled *and* the server was used as a server. A properly hardened server, when used as intended is not going to be infected unless someone gets careless.
Terminal services users are often tempted to use the browser on the server. That is an absolute no-no and a recipe for disaster.
|
| Posted by boonchuan, 10-23-2010, 07:42 PM | | I had seen the box, the user didn't even bother to enable the very basic default Windows 2003 Server Firewall . That was a real mess. Thanks for your info though.
|
| Posted by plumsauce, 10-23-2010, 08:14 PM | | Then it was basically a completely open and defenceless box. Customers like that should be required to hire an experienced admin to setup *and* maintain the box.
|
|
 Add to Favourites
 Print this Article
|
Also Read
