Slammer, Alive…Barely

by Jason Brimhall
Categories: News, Professional, SSC, SSSOLV
Tags: ,
Comments: 1 Comment
Published on: January 24, 2012

Slammer

By now you must have heard of the SQL Slammer worm.  It was quite an infectious little nuisance.  The harm it caused came largely due to unpatched, unprotected SQL Servers.

We are now 9 years out from the initial discovery of this worm.  The worm has made its way onto the endangered species list – but it is not yet extinct.  I don’t know if I should be surprised by that.

My initial reaction is “No way that worm is still causing problems.  Everybody knows about it.”  But yet, I just caught several infection attempts from remote hosts that were affected by Slammer.  When I take a step back, I recall that many people out there are still running on unpatched servers.  I know of many places that are running SQL 2000.  I know of a large pool of servers across different versions and editions that are not patched.  I even know of a few places that are still running SQL 6.5.

When I take all of that into account, finding that Slammer is still active does not surprise me – but it should.

So for fun, here is what I was able to trap from the recent attempts at my machine with SQL Slammer.

Time:		 1/23/2012 3:59:03 PM
Event:		 Intrusion
IP Address/User: 202.56.192.195
Message:	 Attack type: MSSQL Resolution Service Buffer Overflow (Slammer)

When I trace that IP back to its source, I get a host name of the machine.  If I search on the Host Name of the IP Address, I find this page.  If I were a hacker, I now have a lot of valuable information.  I can also assume that this particular host has many virii.

This entire little foray has made me wonder how many people out there are concerned about security.  Do you know what the patch level is of your server?  Is your AV software up to date?  Are you running any form of HIPS?  If you are in IT and your focus is Data, you may want to check those things.  After all, our focus is to protect the data.

S3OLV February 2012

by Jason Brimhall
Categories: News, Professional, SSC, SSSOLV
Tags: ,
Comments: No Comments
Published on: January 23, 2012

Do you recognize this person?

 

If you are from the Colorado Springs area, you probably do.  This is:

 

 

 

Troy Ketsdever (twitter)

Troy will be presenting to the Las Vegas SQL User Group on February 9, 2012 @ 6:30 Pacific.  Here is his bio:

Troy Ketsdever is a data architect with over 15 years of commercial software development experience, and has maintained a love/hate relationship with SQL Server since version 4.2. In addition to his “day job”, Troy enjoys writing articles and presenting at user groups on a variety of database design and implementation topics.

His main objective and vision is “making the right information available to the right people at the right time”.

The topic that Troy has chosen for this meeting is titled: Zero to “MERGE” in 60 minutes.  And here is the abstract for that presentation.

Description: SQL Server 2008 saw the introduction of the new MERGE DML statement. In this session, we’ll take a look at the basic syntax and capabilities of the command. Once we have reviewed some simple examples, we’ll dive into some of the more advanced uses (abuses?) of the command, reinforcing our understanding by looking at more complex examples.

Bring your questions.  Bring your ugly code.  If you are remote, bring your own PIZZA.  Yes, this meeting will be both virtual and in person.

Virtual Meeting Info

Attendee URL: https://www.livemeeting.com/cc/UserGroups/join?id=H3ZGRQ&role=attend

Meeting ID:  H3ZGRQ

Physical Meeting Info

M Staff Solutions & Training / 2620 Regatta Drive Suite 102 Las Vegas, NV 89128

S3OLV – Jan 2012 Meeting Recap

by Jason Brimhall
Categories: News, Professional, SSC, SSSOLV
Tags: ,
Comments: No Comments
Published on: January 20, 2012

Last week (Jan 12, 2012), we held the user group meeting for the SQL Server Society of Las Vegas (a.k.a S3OLV or SSSOLV).

Presenting at that meeting was Josh Lewis (Twitter).  Josh presented on a pretty tough topic in my opinion.  He chose to present to us the topic of XML for the DBA.  You can read his abstract here.

We got the meeting rolling a little bit late.  Traffic must have been a bear down in LV.  Nonetheless, it got rolling and was a good meeting.

During this meeting we had our second installment of “Crap Code.”  Unintentionally, the crap code was a perfect segue into the presentation.  The crap code demonstrated extracting elements from XML related to the blocked process report.

Josh did a great job on the topic.  We recorded the meeting and you can view that here.  Check it out.  Get a little free learning on a difficult topic (for some us like myself).

Stay tuned, the February announcement is coming soon.

 

Dedicated Administrator Connection

by Jason Brimhall
Categories: News, Professional, SSC
Tags: , , ,
Comments: No Comments
Published on: January 19, 2012

Recently you may have read my article about some hidden functions in SQL Server.  In that article you learned that those functions were in some DMOs and that you could get at them through the resource database.

Today I found myself learning more about the resource database.  Due to what I had learned in my prior foray into the resource database, I was curious if certain other functions might call some hidden functions in that database.

Sadly – they did not.  But in my travels I did happen across something else that is in that database.  Those items are called system base tables.  Unlike the trio of functions from the last article – you can get to these but it is STRONGLY advised to not do it.

Naturally, I want to check these tables out – especially since the MSDN article does say how to get to them.  I will write about some adventures into looking at these tables in the future.  I already found one interesting thing that seemed odd – but first I will need to login using the DAC and start testing to confirm a hypothesis.

For now, I want to cover how to create a Dedicated Administrator Connection.  This should be something that DBAs know how to do.  It isn’t difficult, and I will only cover one method and leave the other method to the Microsoft documentation.

You can create a DAC through either SSMS or through SQLCMD.  You can create one remotely, but you will need to enable that option since it is disabled by default.  You can find the method for creating this connection via SQLCMD here.

To create a connection through SSMS, it is rather easy as well.  You simply add (case insensitive) “admin:” to the beginning of your server as shown in this image.

In order for this to work, you will need to have the browser service running.  If it is not running, you will get an error message.  This error message is informative if you read it.  It will provide a clue to look at the browser service.

Once you have successfully created this connection, you can now use it when necessary to perform administrative tasks or for some learning opportunities.  If you open a query using this connection you will see something like this next image in your query tab.

You can see in the tab of this query tab that there is the label “ADMIN:”.  This is your DAC connection.  You are limited to one of these at a time – period.

If you try to create a second connection, you will get a nasty message.  The message is not entirely informative – just understand that you are getting it because you already have a DAC open.

It is a good idea to become familiar with how to connect via the DAC.  I have a connection saved for quick access.  Luckily I have a development server which I can test and use for learning opportunities.  As the warning MSDN states: “Access to system base tables by using DAC is designed only for Microsoft personnel, and it is not a supported customer scenario.”  If you venture into the system base tables via the DAC – Microsoft will not support it if you break it.

Blackout

by Jason Brimhall
Categories: News, Professional, SSC, SSSOLV
Tags: , , ,
Comments: No Comments
Published on: January 18, 2012

What more can I say.  I disagree with the kind of legislation that is being presented via SOPA and PIPA.

In support of the community, my site will be dark 18 Jan 2012 between 10:30 and 21:30 GMT-8.

Normal services will return after that.

 

You can see support of this from some more reputable sites as well.

Wikipedia

 

Steve Jones @ SqlServerCentral

Grant Fritchey

Gail Shaw

 

page 1 of 54»
Calendar
January 2012
M T W T F S S
« Dec    
 1
2345678
9101112131415
16171819202122
23242526272829
3031  
Follow me on Google+
Jason Brimhall

In 246 people's circles

Add to circlesi
Content
Categories

Categories

Popular Posts

Popular Posts

Blogroll

Blogroll

Now Reading

Now Reading

Planned books:

Current books:

  • ChiRunning: A Revolutionary Approach to Effortless, Injury-Free Running

    ChiRunning: A Revolutionary Approach to Effortless, Injury-Free Running by Danny Dreyer, Katherine Dreyer

  • Advanced Marathoning – 2nd Edition

    Advanced Marathoning – 2nd Edition by Peter Pfitzinger, Scott Douglas

  • SQL Server MVP Deep Dives

    SQL Server MVP Deep Dives by Nielsen Paul, Delaney Kalen, Machanic Adam, Tripp Kimberly, Randal Paul, Low Greg

  • A World Without Heroes (Beyonders)

    A World Without Heroes (Beyonders) by Brandon Mull

Recent books:

View full Library

SQLHelp

SQLHelp


Recent Posts
  • Slammer, Alive...Barely by Jason Brimhall

    Slammer By now you must have heard of the SQL Slammer worm.  It was quite an infectious little nuisance.  The harm it caused came largely due to unpatched, unprotected SQL Servers. We are now 9 years out from the initial discovery of this worm.  The worm has made its way [...]

  • S3OLV February 2012 by Jason Brimhall

    Do you recognize this person?   If you are from the Colorado Springs area, you probably do.  This is:       Troy Ketsdever (twitter) Troy will be presenting to the Las Vegas SQL User Group on February 9, 2012 @ 6:30 Pacific.  Here is his bio: Troy Ketsdever is [...]

  • S3OLV - Jan 2012 Meeting Recap by Jason Brimhall

    Last week (Jan 12, 2012), we held the user group meeting for the SQL Server Society of Las Vegas (a.k.a S3OLV or SSSOLV). Presenting at that meeting was Josh Lewis (Twitter).  Josh presented on a pretty tough topic in my opinion.  He chose to present to us the topic of [...]

  • Dedicated Administrator Connection by Jason Brimhall

    Recently you may have read my article about some hidden functions in SQL Server.  In that article you learned that those functions were in some DMOs and that you could get at them through the resource database. Today I found myself learning more about the resource database.  Due to what [...]

  • Blackout by Jason Brimhall

    What more can I say.  I disagree with the kind of legislation that is being presented via SOPA and PIPA. In support of the community, my site will be dark 18 Jan 2012 between 10:30 and 21:30 GMT-8. Normal services will return after that.   You can see support of [...]

  • A Trio of Functions by Jason Brimhall

    I found myself perusing an execution plan the other day.  I know, big surprise there.  This execution plan showed me some interesting things I had never really paid much attention to in the past.  When I started paying attention to these things, I found myself jumping down a rabbit hole. [...]

  • Meme15 Twitter by Jason Brimhall

    Twitter and Your Career With the new blog party on the block, we have Jason Strate (blog | twitter) asking us this month these two questions: Why should average Jane or Joe professional consider using twitter? What benefit have you seen in your career because of twitter? But first, a [...]

  • Missing Indexes by Jason Brimhall

    SQL Server has means built into it to track possible missing indexes.  This used to be found through the use of the Index Tuning Wizard.  The process has improved over time (you can sort of see that from my April Fools post). As luck would have it, I was recently [...]

  • TSQL Tuesday #26 or #23 - I… by Jason Brimhall

    The first opportunity of this New Year to participate in TSQLTuesday, we have been invited by David Howard (blog) to take a second shot at a previous TSQLTuesday. This second shot is giving me fits.  I have no clue if it is TSQLTuesday 26 or if it is TSQLTuesday 23. [...]

  • S3OLV update and Reminder by Jason Brimhall

    We are now just a few days away from our first meeting of 2012.  We have some good content lined up.  Check it out here. I am looking forward to the presentation on XML and would really love to be able to bring Josh back to finish out the series. [...]

Categories
Recent Comments
  • Jason Brimhall about Slammer, Alive...Barely
    As a follow-up to this, I have monitored my logs throughout the day and continue to see various different hosts ...
  • Jason Brimhall about Missing Indexes
    Yes - that would definitely be an issue. Thanks for getting back on it.
  • david about Missing Indexes
    I found that the problem was related to the database being in compatibility mode 80. It works fine for compatibility ...
  • Jason Brimhall about Missing Indexes
    I created the script on 2008 R2. Are you using the script as is, or did you modify? ...
  • David about Missing Indexes
    does this only apply to SQL 2005? I get an error on SQL 2008 R2: Msg 102, Level 15, State ...
  • Jason Brimhall about Missing Indexes
    Yes. The higher the value, the more likely the index would be of benefit to you.
  • Neil about Missing Indexes
    A quick question about the Impact column. I just want to check that the higher the number, the better ...
  • Steve Jones about Daemon
    Excellent books. The first is better than the second, but the second has some good philisophical/thinking areas. If you haven't read ...
  • Dugi about Filtering in SSMS
    Hi Jason, this is very nice possibility in SSMS! Most of the DB Developers didn't know about it, I'm talking for ...
  • Jason Brimhall about Database Data and Log Size Info
    D'oh. I didn't even think of the funky naming conventions out there. I will fix that.
Welcome , today is Friday, January 27, 2012