[rescue] new worm?
Johan Fischer
jofi at swepipe.com
Sat Jan 25 11:28:41 CST 2003
It get worse, we have had three servers trashed by the worm, all of them
are SMP (2-4 cpu) Windows 2000 servers running SQL server 2000.
Al nine of our DB servers have a weekly shedule for our sysadmins to
monitor and apply security patches and services packs.
All five ms-sql servers was shutdown during the "service slot" wednesday
eavning and have had the SP3 applied on them.
The two single cpu mashines have not been affected but all three SMP's
have. for f--ks sake m$ get yer act togheter.
Point of entry? simple, a developer with a ms-sql server on his laptop
dialed in to his faworite ISP and started a tunnel to our FW. Since he
didnt have any "local" firewall on his modem line his laptop got infected
first then it blew 1 of the SMP servers...
So finaly i realy hope i will get the money to convert the shit to a
decent DB.
M$ is a desktop OS keep it there.
//Johan
Sysadmin Swepipe.
Uhmm and yes we shut them down and did put them on a sepparate switch,
rolled back one of them two days from the backup, applied ALL patches and
the SP3 (AGAIN), did put all three servers online (two infected and one
newly patched) it took less than 2 minutes untils it started to bombard
it's gw with udp... *ARGH* rolled back binarys to last nites backup,
and put them online on sepparate lans and are now holding our thumbs.
More information about the rescue
mailing list