• Some additional comments and corrections (from experience):

    the 039 patch is not sufficient to keep a server from becoming infected and, from what I have seen, SP3 does not keep SQLSlammer out either.

    Information on how to combat and prevent attacks is available from Microsoft at http://www.microsoft.com/security/slammer.asp

    There was a significant amount of confusion due to early incorrect reports from anti-virus suppliers and even Microsoft on how to fix systems.

    A stop-gap measure to calm the network down if you are already under attack is to use an AD policy to block UDP port 1434 on all computers. This will prevent further infestation but you will still need to reboot infected servers to get the worm out of memory. Some applications may need ot be configured to use named pipes if you are blocking UDP port 1434 as they will not be able to resolve the port for named instances. Also, this will only work for Windows 2000 and XP environments; NT4/Windows Me do not support AD policies and may still be at risk if running SQL or MSDE 2000.

    Bryant E. Byrd, MCDBA

    SQL Server DBA/Systems Engineer

    Intellithought, Inc.

    bbyrd@intellithought.com

    [font="Tahoma"]Bryant E. Byrd, BSSE MCDBA MCAD[/font]
    Business Intelligence Administrator
    MSBI Administration Blog