Help needed with Encore Pro and MSSQL problem
- littlebaddow
- Posts: 416
- Joined: Wed Dec 08, 2004 12:21 pm
- Location: Essex, England
Help needed with Encore Pro and MSSQL problem
I'm trying to unpick several issues with my PC following some recent unwise downloading to my PC by one of my daughters (she is recovering well and should be out of plaster in a few weeks).
One of the frequent messages I'm getting from Norton AV is that an intrusion has been detected and blocked, relating to MSSQL, which is I believe what makes the Encore Pro database operate.
Any advice appreciated (in layman's terms please) on whether this is a serious threat and what I can do about it?
The full details (for those to whom they might mean something) are:
Intrusion: MSSQL StackOverflow
Intruder: 217.43.195.15 (1488)
Protocol: UDP
Attacked IP: 0.0.0.0
Attacked Port: ms-sql-m (1434)
Thanks
Airsense 10 & Airfit N20
MSSql had a vulnerability that was used for attacking computers running it. Microsoft patched it, and patched computers are no longer vulnerable.
1. Did you reinstall your operating system?
2. If yes, did you connect to http://windowsupdate.microsoft.com ? Do so if you haven't and let windows install all the security updates.
3. Make sure you've got the latest virus signatures from Symantec (and the latest antivirus program version) and run a full scan.
I wouldn't consider my computer secure without taking those 3 steps.
O.
P.S. I'm glad to hear your daughter is reviving. What did you use, the keyboard?
_________________
Mask: AirFit™ P10 Nasal Pillow CPAP Mask with Headgear |
Additional Comments: Machine: Resmed AirSense10 for Her with Climateline heated hose ; alternating masks. |
And now here is my secret, a very simple secret; it is only with the heart that one can see rightly, what is essential is invisible to the eye.
Antoine de Saint-Exupery
Good advice is compromised by missing data
Forum member Dog Slobber Nov. 2023
- littlebaddow
- Posts: 416
- Joined: Wed Dec 08, 2004 12:21 pm
- Location: Essex, England
- christinequilts
- Posts: 489
- Joined: Sun Jan 23, 2005 12:06 pm
If it makes you feel better my MS-SQL accidentally got deleted by me...got click happy while cleaning up my computer. I was in a panic until I remembered I had just done an export of data to send it to my desktop...and I actually found the exported file on my desktop. Knowing I should be able to import the data back in I was a little more at ease as I reinstalled Encore Pro from the CD. It recognized that the Encore Pro was installed so it didn't mess with that but it did reinstall the SQL and something else I can't recall. I was totally shocked when I opened up Encore Pro and my old data was still there...didn't even need exported copy but it did teach me a lesson to backup my BiPAP ST data before I screw around with my computer too much.
It does look like you need to get your security updates up to date. I did a Whois search of the intruder IP - looks like someone in the UK who is using btcentralplus.com as their ISP. Someone more techy than me can probably help you figure out more about who tried to attack you and what it means.
Hmmm...this doesn't sound good...
UDP Port 1434
Common Use
Microsoft SQL Monitor use in monitoring Microsoft SQL Databases.
Inbound Traffic
Inbound scans are typically from systems infected with the SQL Slammer worm looking for vulnerable Microsoft SQL Servers or MSDE systems to infect. SQL Slammer has the distinction of being the fastest worm ever released on the internet and while we were perhaps the first to publish a notice concerning SQL Slammer by then it was too late as SQL Slammer had compromised most of its available victims world wide within 15 minutes.
Outbound Traffic
Outbound scans if occurring in volume should be considered an indication of a possible worm infection on the source computer and should be investigated.
From a post I did in Jun 05:
MS SQL Security Center states Default install of MSSQL monitors TCP port 1433 and UDP port 1434...configure firewall to filter out packets addressed to those ports.
...could block them specifically with your firewall. Found it easier to just start MSSQL as needed with my firewall blocking internet activity and then stop it before going on the internet.
Jim
9-11 cm Remstar Auto w/C-Flex off,
Heated Humidifier & Hose...Breeze, Activa, Ultra Mirage FF, Hybrid
Encore Pro w/MyEncore enhancements
- rested gal
- Posts: 12881
- Joined: Thu Sep 09, 2004 10:14 pm
- Location: Tennessee
"Found it easier to just start MSSQL as needed with my firewall blocking internet activity and then stop it before going on the internet."
Good advice, JL. I start/stop MSSQL long enough to do the Encore thing, and don't connect to the internet until after I've turned MSSQL off. That was -SWS's routine, too, I believe.
Makes the simple cable download straight from my first 420E to my computer look more and more inviting to go back to. I never minded carrying that sweet little machine to my computer desk.
"Inbound scans are typically from systems infected with the SQL Slammer worm looking for vulnerable Microsoft SQL Servers or MSDE systems to infect. SQL Slammer has the distinction of being the fastest worm ever released on the internet and while we were perhaps the first to publish a notice concerning SQL Slammer by then it was too late as SQL Slammer had compromised most of its available victims world wide within 15 minutes."
Christine - who is "we" in that sentence? I'm curious about that well organized data.
O.
_________________
Mask: AirFit™ P10 Nasal Pillow CPAP Mask with Headgear |
Additional Comments: Machine: Resmed AirSense10 for Her with Climateline heated hose ; alternating masks. |
And now here is my secret, a very simple secret; it is only with the heart that one can see rightly, what is essential is invisible to the eye.
Antoine de Saint-Exupery
Good advice is compromised by missing data
Forum member Dog Slobber Nov. 2023
You guys might also want to make sure that SQL Server isn't running any background services. If these are listening on either one of those ports someone could still compromise your PC. Don't know what OS you're running but you can probably use Task Manager to check for these processes.
BTW, to be safe you should probably get an inexpensive switch/firewall. This can be used to block access to all ports, essentially hiding your network from the internet. These can be purchased for around $100 from Linksys or D-Link, and many others.
The software firewall that comes with XP SP2 is probably the next best thing and is free. I am less familiar with it, but it seems to work well.
-BP
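One way to carry out the listening-port check discussed in this thread, as an added example that is not part of any forum member's post: it reads Windows `netstat -ano` output and reports anything bound to TCP 1433 or UDP 1434 on a non-loopback address. The sample output and the function names are constructed for illustration.

```python
# Ports named in the thread: TCP 1433 (SQL Server) and UDP 1434 (SQL Monitor).
WATCHED = {("TCP", 1433), ("UDP", 1434)}
LOOPBACK_PREFIXES = ("127.", "[::1]")

# Constructed sample of Windows `netstat -ano` output (not taken from the thread).
SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       968
  TCP    0.0.0.0:1433           0.0.0.0:0              LISTENING       1744
  TCP    127.0.0.1:1030         0.0.0.0:0              LISTENING       2100
  TCP    192.168.1.20:1051      203.0.113.7:80         ESTABLISHED     3120
  UDP    0.0.0.0:1434           *:*                                    1744
  UDP    127.0.0.1:1900         *:*                                    1080
"""


def parse_listeners(text):
    """Yield (proto, address, port, pid) for TCP listeners and bound UDP sockets."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] not in ("TCP", "UDP"):
            continue
        proto, local = fields[0], fields[1]
        # TCP rows carry a State column; UDP rows do not.
        if proto == "TCP" and fields[3] != "LISTENING":
            continue
        address, _, port = local.rpartition(":")
        if not port.isdigit():
            continue
        yield proto, address, int(port), fields[-1]


def exposed_sql_listeners(text):
    """Return watched listeners bound to something other than loopback."""
    findings = []
    for proto, address, port, pid in parse_listeners(text):
        if (proto, port) in WATCHED and not address.startswith(LOOPBACK_PREFIXES):
            findings.append((proto, address, port, pid))
    return findings


if __name__ == "__main__":
    for proto, address, port, pid in exposed_sql_listeners(SAMPLE):
        print(f"{proto} {port} is listening on {address} (PID {pid})")
```

An empty result means nothing is bound to those two ports on a network-facing address; the PID column can be matched against Task Manager to identify the owning process.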