Full Version: OT: MS-SQL DOS attack
SirAndy
fellow geeks,
has anyone else noticed a significant increase in random packages on port 1433?

we had a flat out DOS attack on the SQL server port through all of last week, i finally had to change the standard port for SQL to get it running again.
the packages still hit the router/firewall, but now they're just dropped.
and they seem to come from everywhere, not just a single source.
it slowed down our server(s) to a crawl ...

Andy
Qarl
Nope... Firewall is not logging anything unusual...

We are seeing a ton of spoofed e-mail with the friggin Mydoom virus... bouncy bouncy. I basically blocked any e-mails with .scr, .pif, .bat, .zip, .exe, and .htm attachments. We are getting about 100 a day, just to spoofed addresses.
airsix
Andy,
I've not seen any high traffic on 1433. Even if there had been I NEVER run sql on a public interface. For example, I've got MySQL running on a webserver, but port 1433 is blocked on the ethernet interface. The webserver should query the sql daemon via the localhost (127.0.0.1), not over the public interface (unless they are not both running on the same box of course).

-Ben
SirAndy
QUOTE(airsix @ Feb 3 2004, 02:57 PM)
The webserver should query the sql daemon via the localhost (127.0.0.1), not over the public interface (unless they are not both running on the same box of course).

i know and i do (for the web-server) but i'm also a lazy-ass and use the enterprise manager to remotely log in to my SQL7 server.
therefore, i need an open port ...

i changed the default port to something else and now it's fine.
whatever tool/bug/virus was hitting us seems to be hardcoded to the default port ...

Andy
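
Added example, not part of the original thread: the two points discussed above (keeping the SQL listener off the public interface, and moving it off the default port) can be checked from the server's own listening sockets. This Python code parses constructed `netstat -an`-style output and reports database ports bound to anything other than loopback; the sample lines, the function name `exposed_listeners`, and port 14330 as a relocated port are assumptions.

```python
import ipaddress

# Constructed sample in the layout of Windows `netstat -an` output (not from the thread).
SAMPLE = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:1433           0.0.0.0:0              LISTENING
  TCP    127.0.0.1:3306         0.0.0.0:0              LISTENING
  TCP    [::]:14330             [::]:0                 LISTENING
  TCP    192.0.2.10:1433        198.51.100.7:51123     ESTABLISHED
"""

def exposed_listeners(netstat_text, db_ports=(1433,)):
    """Return (address, port) for database listeners reachable beyond loopback."""
    findings = []
    for line in netstat_text.splitlines():
        fields = line.split()
        # Only TCP sockets in LISTENING state are of interest.
        if len(fields) < 4 or fields[0] != "TCP" or fields[-1] != "LISTENING":
            continue
        # rpartition keeps IPv6 literals such as [::]:1433 intact.
        host, _, port = fields[1].rpartition(":")
        host = host.strip("[]")
        try:
            addr = ipaddress.ip_address(host)
            port = int(port)
        except ValueError:
            continue  # skip lines that do not parse as address:port
        # A wildcard (0.0.0.0 or ::) or routable bind address means the
        # port is reachable from other hosts unless a firewall drops it.
        if port in db_ports and not addr.is_loopback:
            findings.append((str(addr), port))
    return findings

if __name__ == "__main__":
    # 14330 stands in for a relocated SQL port; the value is an assumption.
    for addr, port in exposed_listeners(SAMPLE, db_ports=(1433, 3306, 14330)):
        print(f"database port {port} is listening on {addr} (not loopback-only)")
```

A listener on a relocated port is still reported when it is bound to a wildcard address, since the port change alone does not restrict who can reach it.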