Sql - GoFuckYourself.com

missnglnk · 01-25-2003, 01:46 AM

Long story short, if your sponsor uses Microsoft SQL for their DB backend, don't expect to get paid on time this month.

EscortBiz · 01-25-2003, 01:47 AM

why, is all of SQL whiped out?

missnglnk · 01-25-2003, 01:50 AM

It's a worm exploiting bugs in Microsoft's SQL server, but it's people's own fault for not patching 6 MONTHS AGO when Microsoft released patches.

EscortBiz · 01-25-2003, 01:51 AM

Quote:

Originally posted by missnglnk
It's a worm exploiting bugs in Microsoft's SQL server, but it's people's own fault for not patching 6 MONTHS AGO when Microsoft released patches.

so does that mean thaqt all data is lost

nuclei · 01-25-2003, 01:52 AM

Quote:

Originally posted by EscortBiz

so does that mean thaqt all data is lost

it doesnt appear to affect data at all. it just apears to infect machines to ddos the net and spread.

EscortBiz · 01-25-2003, 01:53 AM

Quote:

Originally posted by nuclei

it doesnt appear to affect data at all. it just apears to infect machines to ddos the net and spread.

thanks

toddler · 01-25-2003, 01:55 AM

Quote:

Originally posted by EscortBiz

so does that mean thaqt all data is lost

don't know yet. so far it looks like fairly large ddos. I'm trying to get my hands on the payload to see what is really is. hearing fairly large icmp packets.

i doubt the data is gone, but some people will be totally fucked come bandwidth bill time. told people before to keep current on patches, but ya'll fuckers don't listen. now there is cost associated, maybe some will.

t

Zebra · 01-25-2003, 01:55 AM

This patch was released in July of last year.

This cycle will continue to consume server and network resources until one of the servers stops sending packets for one of several reasons, including a restart of the SQL Server, a reboot of the server host, or a network failure.

Basically this exploit causes MS servers to ping each other back and forth, using up system resources on the servers. Once the attack is stopped the machine should be fine. This expoit is not supposed to wipe anything out, just bog it down to a standstill.

nuclei · 01-25-2003, 01:56 AM

Quote:

Originally posted by toddler

don't know yet. so far it looks like fairly large ddos. I'm trying to get my hands on the payload to see what is really is. hearing fairly large icmp packets.

i doubt the data is gone, but some people will be totally fucked come bandwidth bill time. told people before to keep current on patches, but ya'll fuckers don't listen. now there is cost associated, maybe some will.

t

UDP packets not icmp.

and heres the CERT advisory on this fucker:

http://www.kb.cert.org/vuls/id/370308

toddler · 01-25-2003, 01:58 AM

Quote:

Originally posted by nuclei

UDP packets not icmp.

and heres the CERT advisory on this fucker:

http://www.kb.cert.org/vuls/id/370308

aware of that. report i saw said a fairly large ping, then a nice udp flood.

KC · 01-25-2003, 02:00 AM

are you trying to create panic?

Why the hell would this have anything to do with payouts?

There are workarounds.. They need to get the patch and block the UDP port that's being attacked.

It has nothing to do with payouts..

nuclei · 01-25-2003, 02:05 AM

Quote:

Originally posted by KC
are you trying to create panic?

Why the hell would this have anything to do with payouts?

There are workarounds.. They need to get the patch and block the UDP port that's being attacked.

It has nothing to do with payouts..

exactly why i posted in this thread to let people know the real deal before this thread got out of hand.

Zebra · 01-25-2003, 02:05 AM

Payouts should be fine once this attack is stopped. Over the next 12 hours the majority of admins around the world who have MS servers should be getting the patch and fixing the problem. This exploit does not erase any info, it only causes MS servers to ping each other back and forth and use system resources till the server is bogged down. The increase in traffic has slowed some networks and providers down. Over the next 12 hours it should get much better. Pretty interesting that is started late on a Friday night. A lot of admins are going to be waking up in the morning shitting their pants.

missnglnk · 01-25-2003, 02:06 AM

So how exactly do you track signups when your SQL servers are pumping 100Mbps on your FastEthernet port? Magical backdoor? Trapdoor in the floor? Psychokinetic packet reprioritization?

nuclei · 01-25-2003, 02:09 AM

Quote:

Originally posted by missnglnk
So how exactly do you track signups when your SQL servers are pumping 100Mbps on your FastEthernet port? Magical backdoor? Trapdoor in the floor? Psychokinetic packet reprioritization?

most systems dont use MS SQL which is the only thing affected.

Brad Mitchell · 01-25-2003, 02:14 AM

Quote:

Originally posted by missnglnk
It's a worm exploiting bugs in Microsoft's SQL server, but it's people's own fault for not patching 6 MONTHS AGO when Microsoft released patches.

Bullshit, I have an SQL box that has always been current with patches, including the most recent one two days ago. And, it's screwed.

Brad

iwantchixx · 01-25-2003, 02:15 AM

AMAZINGLY thehun.net is using MS sql..... wholly muthafucking sql DB errors batman, just "try" to submit a gallery.

picindex · 01-25-2003, 02:16 AM

Quote:

Originally posted by iwantchixx
AMAZINGLY thehun.net is using MS sql..... wholly muthafucking sql DB errors batman, just "try" to submit a gallery.

uhm... last I heard thehun was run off sun servers...

nuclei · 01-25-2003, 02:17 AM

Quote:

Originally posted by iwantchixx
AMAZINGLY thehun.net is using MS sql..... wholly muthafucking sql DB errors batman, just "try" to submit a gallery.

sun i think

KC · 01-25-2003, 02:18 AM

Quote:

Originally posted by missnglnk
So how exactly do you track signups when your SQL servers are pumping 100Mbps on your FastEthernet port? Magical backdoor? Trapdoor in the floor? Psychokinetic packet reprioritization?

They block the UDP traffic at the router level.. the web servers will be able to talk to the DB's but the DDoS stuff will be filtered out..

Are you ready to stop being a jerky ass?

missnglnk · 01-25-2003, 12:00 PM

I was talking about infected servers PUSHING traffic out, not reception of packets from infected servers, but who cares now, most of it has seemed to subside.

webair · 01-25-2003, 12:51 PM

WASHINGTON (Jan. 25) - Traffic on the Internet slowed dramatically for hours early Saturday, the effects of a fast-spreading, virus-like infection that overwhelmed the world's digital pipelines and broadly interfered with Web browsing and delivery of e-mail.

Sites monitoring the health of the Internet reported significant slowdowns globally. Experts said the electronic attack bore remarkable similarities to the ''Code Red'' virus during the summer of 2001 which also ground online traffic to a halt.

''It's not debilitating,'' said Howard Schmidt, President Bush's No. 2 cyber-security adviser. ''Everybody seems to be getting it under control.'' Schmidt said the FBI's National Infrastructure Protection Center and private experts at the CERT Coordination Center were monitoring the attack and offering technical advice to computer administrators on how to protect against it.

Most home users did not need to take any protective measures.

The virus-like attack, which began about 12:30 a.m. EST, sought out vulnerable computers on the Internet to infect using a known flaw in popular database software from Microsoft Corp., called ''SQL Server 2000.'' But the attacking software code was scanning for victim computers so randomly and so aggressively - sending out thousands of probes each second - that it saturated many Internet data pipelines.

Schmidt said disruption within the U.S. government was minimal, partly because the attack occurred early on a Saturday morning.

''This is like Code Red all over again,'' said Marc Maiffret, an executive with eEye Digital Security, whose engineers were among the earliest to study samples of the attack software. ''The sheer number of attacks is eating up so much bandwidth that normal operations can't take place.''

''The impact of this worm was huge,'' agreed Ben Koshy of W3 International Media Ltd., which operates thousands of Web sites from its computers in Vancouver. ''It's a very significant attack.''

Koshy added that, about six hours after the attack started, commercial Web sites that had been overwhelmed were starting to come back online as engineers began effectively blocking the malicious data traffic. At the height of the attack, another company reported that computers were flooded with more than 125 megabytes of data every second.

''People are recovering from it,'' Koshy said.

Symantec Corp., an antivirus vendor, estimated that at least 22,000 systems were affected worldwide.

''Traffic itself seems to have leveled off a little bit, so likely only so many systems are exposed out there,'' said Oliver Friedrichs, senior manager with Symantec Security Response. The attacking software, technically known as a worm, was overwhelming Internet traffic-directing devices known as routers.

''The Internet is still usable, but we're definitely receiving reports from some of our customers who have had it affect their routers specifically,'' Friedrichs said.

The attack sought to exploit a software flaw discovered by researchers in July 2002 that permits hackers to seize control of corporate database servers. Microsoft deemed the problem ''critical'' and offered a free repairing patch, but it was impossible to know how many computer administrators applied the fix.

''People need to do a better job about fixing vulnerabilities,'' Schmidt said.

The latest attack was likely to revive debate within the technology industry about the need for an Internet-wide monitoring center, which the Bush administration has proposed. Some Internet industry executives and lawyers said they would raise serious civil liberties concerns if the U.S. government, not an industry consortium, operated such a powerful monitoring center.

''No where do you see everything that has happened in cyber-space, no one has that synoptic view,'' said Dick Clarke, Bush's top cyber-security adviser, during a speech earlier this month to U.S. intelligence officials. ''What we're talking about is seeing something in time to stop it, a major cyber attack.''

During the ''Code Red'' attack in July 2001, about 300,000 mostly corporate server computers were infected and programmed to launch a simultaneous attack against the Web site for the White House, which U.S. officials were able to defend successfully.

Unlike that episode, the malicious software used in this latest attack did not appear to do anything other than try to spread its own infection, experts said.

On the Net:

Technical details:
http://www.microsoft.com/technet/tre...url=/technet/s ecurity/ http://www.eeye.com/html/Research/Flash/AL20030125.html

Microsoft fix: bulletin/MS02-039.asp

AP-NY-01-25-03 0820EST

Copyright 2003 The Associated Press. The information contained in the AP news report may not be published, broadcast, rewritten or otherwise distributed without the prior written authority of The Associated Press. All active hyperlinks have been inserted by AOL.

01-25-2003, 01:46 AM	#1
missnglnk Confirmed User Join Date: Aug 2001 Location: New York, NY Posts: 131	Sql Long story short, if your sponsor uses Microsoft SQL for their DB backend, don't expect to get paid on time this month. __________________ -- cat: .signature: No such file or directory

01-25-2003, 01:47 AM	#2
EscortBiz Fuck Checks, CASH only! Join Date: May 2002 Location: New York City Posts: 19,422	why, is all of SQL whiped out? __________________ Spanking, Medical Fetish, Sleeping, Strap-on Anal Lesbians, Girls Fucking Guys, Handjob site REAL HOT, Shemales, Anal and Ass Licking sites 100% Real EXCLUSIVE with amazing retention, ccbill payouts, lots of content FREE FTP HOSTING Promote the largest and oldest member paid escort site, Converts 10 times better then any dating site, CCBill payouts ICQ# 158802076

01-25-2003, 01:50 AM	#3
missnglnk Confirmed User Join Date: Aug 2001 Location: New York, NY Posts: 131	It's a worm exploiting bugs in Microsoft's SQL server, but it's people's own fault for not patching 6 MONTHS AGO when Microsoft released patches. __________________ -- cat: .signature: No such file or directory

01-25-2003, 01:55 AM	#8
Zebra Banned from Kimmy's couch Industry Role: Join Date: Oct 2001 Location: Down at Fraggle Rock Posts: 5,091	This patch was released in July of last year. This cycle will continue to consume server and network resources until one of the servers stops sending packets for one of several reasons, including a restart of the SQL Server, a reboot of the server host, or a network failure. Basically this exploit causes MS servers to ping each other back and forth, using up system resources on the servers. Once the attack is stopped the machine should be fine. This expoit is not supposed to wipe anything out, just bog it down to a standstill. __________________ Old School

01-25-2003, 02:00 AM	#11
KC Confirmed User Industry Role: Join Date: Jan 1995 Posts: 2,417	are you trying to create panic? Why the hell would this have anything to do with payouts? There are workarounds.. They need to get the patch and block the UDP port that's being attacked. It has nothing to do with payouts.. __________________ Jupiter Hosting, Inc. Vice President, Business Development kc (AT) jupiterhosting.com

01-25-2003, 02:05 AM	#13
Zebra Banned from Kimmy's couch Industry Role: Join Date: Oct 2001 Location: Down at Fraggle Rock Posts: 5,091	Payouts should be fine once this attack is stopped. Over the next 12 hours the majority of admins around the world who have MS servers should be getting the patch and fixing the problem. This exploit does not erase any info, it only causes MS servers to ping each other back and forth and use system resources till the server is bogged down. The increase in traffic has slowed some networks and providers down. Over the next 12 hours it should get much better. Pretty interesting that is started late on a Friday night. A lot of admins are going to be waking up in the morning shitting their pants. __________________ Old School

01-25-2003, 02:06 AM	#14
missnglnk Confirmed User Join Date: Aug 2001 Location: New York, NY Posts: 131	So how exactly do you track signups when your SQL servers are pumping 100Mbps on your FastEthernet port? Magical backdoor? Trapdoor in the floor? Psychokinetic packet reprioritization? __________________ -- cat: .signature: No such file or directory

01-25-2003, 02:15 AM	#17
iwantchixx Too lazy to set a custom title Industry Role: Join Date: Oct 2002 Location: The Boonies Posts: 12,860	AMAZINGLY thehun.net is using MS sql..... wholly muthafucking sql DB errors batman, just "try" to submit a gallery.

01-25-2003, 12:00 PM	#21
missnglnk Confirmed User Join Date: Aug 2001 Location: New York, NY Posts: 131	I was talking about infected servers PUSHING traffic out, not reception of packets from infected servers, but who cares now, most of it has seemed to subside. __________________ -- cat: .signature: No such file or directory

01-25-2003, 12:51 PM	#22
webair Confirmed User Industry Role: Join Date: Feb 2002 Location: NYC, NY Posts: 8,531	WASHINGTON (Jan. 25) - Traffic on the Internet slowed dramatically for hours early Saturday, the effects of a fast-spreading, virus-like infection that overwhelmed the world's digital pipelines and broadly interfered with Web browsing and delivery of e-mail. Sites monitoring the health of the Internet reported significant slowdowns globally. Experts said the electronic attack bore remarkable similarities to the ''Code Red'' virus during the summer of 2001 which also ground online traffic to a halt. ''It's not debilitating,'' said Howard Schmidt, President Bush's No. 2 cyber-security adviser. ''Everybody seems to be getting it under control.'' Schmidt said the FBI's National Infrastructure Protection Center and private experts at the CERT Coordination Center were monitoring the attack and offering technical advice to computer administrators on how to protect against it. Most home users did not need to take any protective measures. The virus-like attack, which began about 12:30 a.m. EST, sought out vulnerable computers on the Internet to infect using a known flaw in popular database software from Microsoft Corp., called ''SQL Server 2000.'' But the attacking software code was scanning for victim computers so randomly and so aggressively - sending out thousands of probes each second - that it saturated many Internet data pipelines. Schmidt said disruption within the U.S. government was minimal, partly because the attack occurred early on a Saturday morning. ''This is like Code Red all over again,'' said Marc Maiffret, an executive with eEye Digital Security, whose engineers were among the earliest to study samples of the attack software. ''The sheer number of attacks is eating up so much bandwidth that normal operations can't take place.'' ''The impact of this worm was huge,'' agreed Ben Koshy of W3 International Media Ltd., which operates thousands of Web sites from its computers in Vancouver. ''It's a very significant attack.'' Koshy added that, about six hours after the attack started, commercial Web sites that had been overwhelmed were starting to come back online as engineers began effectively blocking the malicious data traffic. At the height of the attack, another company reported that computers were flooded with more than 125 megabytes of data every second. ''People are recovering from it,'' Koshy said. Symantec Corp., an antivirus vendor, estimated that at least 22,000 systems were affected worldwide. ''Traffic itself seems to have leveled off a little bit, so likely only so many systems are exposed out there,'' said Oliver Friedrichs, senior manager with Symantec Security Response. The attacking software, technically known as a worm, was overwhelming Internet traffic-directing devices known as routers. ''The Internet is still usable, but we're definitely receiving reports from some of our customers who have had it affect their routers specifically,'' Friedrichs said. The attack sought to exploit a software flaw discovered by researchers in July 2002 that permits hackers to seize control of corporate database servers. Microsoft deemed the problem ''critical'' and offered a free repairing patch, but it was impossible to know how many computer administrators applied the fix. ''People need to do a better job about fixing vulnerabilities,'' Schmidt said. The latest attack was likely to revive debate within the technology industry about the need for an Internet-wide monitoring center, which the Bush administration has proposed. Some Internet industry executives and lawyers said they would raise serious civil liberties concerns if the U.S. government, not an industry consortium, operated such a powerful monitoring center. ''No where do you see everything that has happened in cyber-space, no one has that synoptic view,'' said Dick Clarke, Bush's top cyber-security adviser, during a speech earlier this month to U.S. intelligence officials. ''What we're talking about is seeing something in time to stop it, a major cyber attack.'' During the ''Code Red'' attack in July 2001, about 300,000 mostly corporate server computers were infected and programmed to launch a simultaneous attack against the Web site for the White House, which U.S. officials were able to defend successfully. Unlike that episode, the malicious software used in this latest attack did not appear to do anything other than try to spread its own infection, experts said. On the Net: Technical details: http://www.microsoft.com/technet/tre...url=/technet/s ecurity/ http://www.eeye.com/html/Research/Flash/AL20030125.html Microsoft fix: bulletin/MS02-039.asp AP-NY-01-25-03 0820EST Copyright 2003 The Associated Press. The information contained in the AP news report may not be published, broadcast, rewritten or otherwise distributed without the prior written authority of The Associated Press. All active hyperlinks have been inserted by AOL. __________________ ~ Webair Dedicated Cloud Servers™ ~ WEBAIR VSYS™ Virtual Hosting Platform ~ Superior CDN Network ~ ~ Managed Dedicated hosting Specialists ~ DISCOUNT DOMAIN NAMES! ~ WEBAIR FUSION IO MANAGED CLOUD SERVERS! ~ *ICQ:* 243116321 - *TWITTER* - @WEBAIRINC - E-Mail: [email protected]