Sqlslammer

Discussion in 'other firewalls' started by AnthonyG, Apr 25, 2005.

Thread Status:
Not open for further replies.
  1. AnthonyG

    AnthonyG Registered Member

    Joined:
    Aug 3, 2004
    Posts:
    614
    _'yesterday i updated to mcafee desktop firewall 8.5 from 8, and literally every 30 mins im getting a permision screen for a sqlslammer. The warning alert is scaring the life out of me as its a loud siren, ive disabled this noise now but im still getting the pop up.

    What is it.
     
  2. Huwge

    Huwge Registered Member

    Joined:
    Oct 21, 2004
    Posts:
    405
    Location:
    UK
  3. CrazyM

    CrazyM Firewall Expert

    Joined:
    Feb 9, 2002
    Posts:
    2,428
    Location:
    BC, Canada
    Is it just an alert notifying you the firewall has blocked this? If so, can you configure the firewall to just deny and log - no alert?

    Regards,

    CrazyM
     
  4. AnthonyG

    AnthonyG Registered Member

    Joined:
    Aug 3, 2004
    Posts:
    614
    it is saying would you like to block or block for 20 minutes.

    how do i disable this screen, it never came up at all with mdf8.

    I would rather not update to xpsp2.

    Also is my computer infected with a worm?
     
  5. CrazyM

    CrazyM Firewall Expert

    Joined:
    Feb 9, 2002
    Posts:
    2,428
    Location:
    BC, Canada
    If you select block do the alerts continue? Are you getting alerts for all blocked unsolicited inbound packets? I would hope you can configure it to silently block and log, unless you like getting alerts on everything.

    If it is working differently than your previous version you may need to go through the help file and look for setting/configuration options that may have changed.

    Not sure what updating to xpsp2 has to do with what you are experiencing?

    If these are just blocked unsolicited inbound packets it does not mean you are infected.
    What is showing in the logs?

    Regards,

    CrazyM
     
  6. AnthonyG

    AnthonyG Registered Member

    Joined:
    Aug 3, 2004
    Posts:
    614
    thanks i just asked this as in the link Huwge gave it said it was due to a worm infection, and an upgrade to a new servica pack was required.

    when i click block the message just comes back in 30 mins and again and again, what do i do to perminantly block
     
  7. CrazyM

    CrazyM Firewall Expert

    Joined:
    Feb 9, 2002
    Posts:
    2,428
    Location:
    BC, Canada
    Is it just for this particular scan/probe or are you getting alerts on every blocked inbound packet? And to clarify, these are blocked inbound packets?

    You should be able to create a rule to block these particular scans, enable logging, no alert. Perhaps there is an existing rule/setting causing the alerts that could be modified. Have you checked all your rules? Would something like a block all inbound rule at the end be needed? A little more information on your existing rules would help.

    Edit: Does the version you are using include an IDS/IPS component that may be generating these alerts? If so, check the settings for alert/blocking options.

    Regards,

    CrazyM
     
    Last edited: Apr 26, 2005
Thread Status:
Not open for further replies.