RE: Windows Systems Defaced

From: H C (keydet89at_private)
Date: Fri May 03 2002 - 05:28:29 PDT


    > The above commands were directed to systems that
    > were listening on port 1433/tcp and accessible
    > from the outside.

    The commands in question are attempts to execute
    stored procedures in MS SQL.

    > At this time, I am not completely clear on how to
    > protect from this attack.

    1.  Block port 1433 at the router/firewall.
    2.  Use a strong 'sa' password.
    3.  Remove or restrict access to the stored procedure.

    > but does anyone on this list know if
    > this is a safe and effective solution?

    It most definitely is.  We have a particular
    architecture, w/ SQL, and we've done what you've
    described, and have had no problems whatsoever.

    This archive was generated by hypermail 2b30 : Fri May 03 2002 - 08:33:50 PDT