Hi
I have a Win2003 server with SQL 2000 installed.
Over weekends it take half of the bandwith. I have Scanned it with symantec corporate edition and lots of virus fixes... none of it picked up anything. I traced all the outgoing packets and loads of the went to different IP Addresses(which follewed on each other) but all to port 1433, which is a SQL Port. any help or ideas please?
Win 2003 Server Take lots of bandwith over weekends?
I'm not an SQL boffin, but I know there are a number of worms which attack default installations of SQL server - typically those with blank sa passwords - and send out probes on port 1433 and 1434.
Slammer, Spida, DigiSpid are all examples from almost a year ago, so unless your AV defenitions are seriously out-of-date, you may have a new nasty onboard.
Maybe this link will come in handy - I'd also suggest a firewall.
What processes are running, by the way?
Slammer, Spida, DigiSpid are all examples from almost a year ago, so unless your AV defenitions are seriously out-of-date, you may have a new nasty onboard.
Maybe this link will come in handy - I'd also suggest a firewall.
What processes are running, by the way?
Well i have ran fixes for SQLSnake, SQL Slammer and a few of them. Going to gave a look in the event viewer when i get a chance. All the latest service packs and fixes is installed. Think im gotta have to install a firewall... that should do the job... for processes go have a look at
http://www.dyntek.co.za under virus help. the's a xls file called processes
http://www.dyntek.co.za under virus help. the's a xls file called processes
here is a link to a diagram of the trafic. green bit is outgoing trafic all always happen at night or over weekends http://www.dyntek.co.za/webshack-week.png
Here's a basic Windows sniffer - only a trial-version, but it'll check outbound packets.TheWall wrote:where can i get a packet sniffer?
Here's another one