On two different days, June 7th and 28, our SQL error logs
for 9 of 11 SQL Servers shows failed login attempts for
each SQL user as listed in that server's logins. There
are 9 failed attempts for each syslogin. We are running
SQL 2000 with SP3 which indicates that we are protected by
Slammer. Has anyone heard of a Slammer variation that may
have started in June of 2004? Any other thoughts? JerryHaven't heard of anything like that recently. But could it be that someone
is trying to guess the passwords of your logins?
--
Vyas, MVP (SQL Server)
http://vyaskn.tripod.com/
"Jerry" <anonymous@.discussions.microsoft.com> wrote in message
news:275f401c46381$f669b3f0$a501280a@.phx
.gbl...
> On two different days, June 7th and 28, our SQL error logs
> for 9 of 11 SQL Servers shows failed login attempts for
> each SQL user as listed in that server's logins. There
> are 9 failed attempts for each syslogin. We are running
> SQL 2000 with SP3 which indicates that we are protected by
> Slammer. Has anyone heard of a Slammer variation that may
> have started in June of 2004? Any other thoughts? Jerry|||Jerry,
Unless you have install SQL Security patch MS03-031, you probably are
NOT protected from the 'Slammer' worm.
Here is Microsoft's link for the 32-bit patch:
http://www.microsoft.com/downloads/...&displaylang=en
Another thought to consider, 'SQL Injection Tag' attacks. This would be a
possbile concern if any of these database servers, are servering up web
pages that ask for user login and password information.
Just a couple of thoughts.
HTH
"Jerry" <anonymous@.discussions.microsoft.com> wrote in message
news:275f401c46381$f669b3f0$a501280a@.phx
.gbl...
> On two different days, June 7th and 28, our SQL error logs
> for 9 of 11 SQL Servers shows failed login attempts for
> each SQL user as listed in that server's logins. There
> are 9 failed attempts for each syslogin. We are running
> SQL 2000 with SP3 which indicates that we are protected by
> Slammer. Has anyone heard of a Slammer variation that may
> have started in June of 2004? Any other thoughts? Jerry|||Consider using Windows Authentication if possible and review what users are
granted access to the server.
Thanks,
Kevin McDonnell
Microsoft Corporation
This posting is provided AS IS with no warranties, and confers no rights.|||No but one thought is that what you are seeing could just be
from someone running MBSA (Microsoft Baseline Security
Analyzer). I think it logs an entry in the application log
on the server so you may be able to track down what date,
time it ran.
-Sue
On Tue, 6 Jul 2004 10:52:10 -0700, "Jerry"
<anonymous@.discussions.microsoft.com> wrote:
>On two different days, June 7th and 28, our SQL error logs
>for 9 of 11 SQL Servers shows failed login attempts for
>each SQL user as listed in that server's logins. There
>are 9 failed attempts for each syslogin. We are running
>SQL 2000 with SP3 which indicates that we are protected by
>Slammer. Has anyone heard of a Slammer variation that may
>have started in June of 2004? Any other thoughts? Jerrysql
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment