From: "Rich" 

This is a multi-part message in MIME format.

------=_NextPart_000_002E_01C2C72A.431A0DD0
Content-Type: text/plain;
        charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

   Everything on the Internet was hit.  MSN was working fine for me =
through out.  I know some folks like my father had problems connecting = or
authenticating after connecting because of the network overload.  = Going
by my father's complaining, and he complains whenever he can't = check his
email, he was having problems on Saturday for about 8 hours.

   It may be that some folks were having DNS problems that they mistook =
for site problems.  I had problems with DNS lookups for a while and =
couldn't resolve names to addresses.

Rich

  "Ellen K."  wrote in message =
news:uvve3v0h60a23k3qc1r6n4u2mal6tfrclv{at}4ax.com...
  Today at work somebody told me they heard MSN's servers were badly hit
  by the slammer worm.

  On Tue, 28 Jan 2003 12:04:42 -0500, "geo"
 wrote in
  message :

  >I simply can't believe this is so fu'd..
  >
  >Geo.
  >
  >---------------
  ><<
  >Robert Chin wrote;
  >"I'm confused about the version of the ssnetlib.dll file. In Eric =
post,
  >it's indicated that the version of this dll file should be =
2000.80.636.0
  >or later to be considered patched. And in Microsoft's re-released =
patch
  >for MS02-061, it indicates that one may need to install Q317748 after
  >the installation of MS02-061. The ssnetlib.dll file version under the
  >MS02-061 patch is: 2000.80.679.0. However, the same file under =
Q317748,
  >is: 2000.80.568.0. Any clarification on this is highly appreciated."
  >>>
  >
  >1. MS02-039 was the first Security Bulletin hotfix for SQL which
  >addressed the vulnerability Slammer exploits. The affected file was
  >ssnetlib.dll, and the first corrected version was 2000.080.0636.00. =
That
  >was released at the end of June 2002.
  >
  >2. MS02-043 was released in August 2002, and it contained the same
  >ssnetlib.dll as MS02-039.
  >
  >3. MS02-056 came along in October 2002, and it contained an =
ssnetlib.dll
  >versioned 2000.080.0679.00.
  >
  >4. Q317748 was a SQL hotfix that was not a security bulletin. It
  >addressed a handle leak that was introduced with SQL SP2. It was
  >released in October 2002. I have had reports from people who have =
been
  >running many SQL servers without that patch and have never =
encountered a
  >problem. The specifics of the handle leak are such that it does not
  >affect many installations.
  >
  >Unfortunately, Q317748 has a problem. Despite being released 3 months
  >after the first SQL patch that corrected the vulnerability Slammer
  >exploits, it contained the wrong version of ssnetlib.dll. Q317748
  >contained 2000.080.0568.00.
  >
  >So if you had applied MS02-039, or MS02-043, or MS02-056 before =
Q317748
  >came along, and then applied Q317748, you may have downgraded your
  >ssnetlib.dll to a version that did not address Slammer. When you run
  >Q317748 on a system that had an updated ssnetlib.dll, you would have
  >been prompted that the file you were replacing was newer than the
  >replacement (if you weren't doing this in unattended mode). If you =
said
  >don't replace, you'd be fine, otherwise, you regressed.
  >
  >5. MS02-061 came along later in October 2002. It *did* contain the
  >MS02-056 version of ssnetlib.dll, a version which addressed Slammer.
  >Unfortunately, it did not include the ssmslpcn.dll from Q317748.
  >
  >6. SQL/MSDE SP3 came along January 2003. It contains updates for
  >ssnetlib.dll and ssmslpcn.dll, both version 2000.080.0760.00.
  >
  >7. MS02-061 was re-released January 26th, 2003. The only change to it
  >was that the ssmslpcn.dll from Q317748 (v2000.080.0568.00) was added =
to
  >the previously released patch, and a script was wrapped around it to
  >make it easier to install. As a result, MS02-061 now contains both =
the
  >handle leak patch, and the Slammer patch, in one pre-SP3 package.
  >
  >Hope that makes it as clear as it can be.
  >
  >Cheers,
  >Russ - Surgeon General of TruSecure Corporation/NTBugtraq Editor
  >

------=_NextPart_000_002E_01C2C72A.431A0DD0
Content-Type: text/html;
        charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable








  
Everything on the Internet =
was=20
hit.  MSN was working fine for me through out.  I know
some = folks like=20
my father had problems connecting or authenticating after connecting = because of=20
the network overload.  Going by my father's complaining, and he =
complains=20
whenever he can't check his email, he was having problems on Saturday = for about=20
8 hours.
 
   It may be
that some folks =
were having=20
DNS problems that they mistook for site problems.  I had problems
= with DNS=20
lookups for a while and couldn't resolve names to =
addresses.
 
Rich
 

  "Ellen K." <72322.1016{at}compuserve.com&g=">mailto:72322.1016{at}compuserve.com">72322.1016{at}compuserve.com&g=
t;=20
  wrote in message news:uvve3v0h60a=
23k3qc1r6n4u2mal6tfrclv{at}4ax.com...Today=20
  at work somebody told me they heard MSN's servers were badly hitby =
the=20
  slammer worm.On Tue, 28 Jan 2003 12:04:42 -0500,
"geo" <georger{at}nls.net>">mailto:georger{at}nls.net">georger{at}nls.net>
wrote =
inmessage=20
  <3e36b64f$1{at}w3.nls.net>:<=">mailto:3e36b64f$1{at}w3.nls.net">3e36b64f$1{at}w3.nls.net>:<=
BR>>I=20
  simply can't believe this is so=20
  =
fu'd..>>Geo.>>---------------><<=
>Robert=20
  Chin wrote;>"I'm confused about the version of the
ssnetlib.dll =
file.=20
  In Eric post,>it's indicated that the version of this dll file =
should=20
  be 2000.80.636.0>or later to be considered patched. And in =
Microsoft's=20
  re-released patch>for MS02-061, it indicates that one may need =
to=20
  install Q317748 after>the installation of MS02-061. The =
ssnetlib.dll=20
  file version under the>MS02-061 patch is: 2000.80.679.0. =
However, the=20
  same file under Q317748,>is: 2000.80.568.0. Any clarification =
on this=20
  is highly
appreciated.">>>>>1.
MS02-039 was =
the=20
  first Security Bulletin hotfix for SQL which>addressed the=20
  vulnerability Slammer exploits. The affected file =
was>ssnetlib.dll, and=20
  the first corrected version was 2000.080.0636.00. That>was =
released at=20
  the end of June 2002.>>2. MS02-043 was
released in =
August 2002,=20
  and it contained the same>ssnetlib.dll as =
MS02-039.>>3.=20
  MS02-056 came along in October 2002, and it contained an=20
  ssnetlib.dll>versioned
2000.080.0679.00.>>4. =
Q317748 was=20
  a SQL hotfix that was not a security bulletin. It>addressed a =
handle=20
  leak that was introduced with SQL SP2. It was>released in =
October 2002.=20
  I have had reports from people who have been>running many SQL =
servers=20
  without that patch and have never encountered a>problem. The =
specifics=20
  of the handle leak are such that it does not>affect many=20
  installations.>>Unfortunately, Q317748
has a problem. =
Despite=20
  being released 3 months>after the first SQL patch that =
corrected the=20
  vulnerability Slammer>exploits, it contained the wrong version =
of=20
  ssnetlib.dll. Q317748>contained =
2000.080.0568.00.>>So if=20
  you had applied MS02-039, or MS02-043, or MS02-056 before =
Q317748>came=20
  along, and then applied Q317748, you may have downgraded=20
  your>ssnetlib.dll to a version that did not address Slammer. =
When you=20
  run>Q317748 on a system that had an updated ssnetlib.dll, you =
would=20
  have>been prompted that the file you were replacing was newer =
than=20
  the>replacement (if you weren't doing this in unattended mode). =
If you=20
  said>don't replace, you'd be fine, otherwise, you=20
  regressed.>>5. MS02-061 came along
later in October =
2002. It=20
  *did* contain the>MS02-056 version of ssnetlib.dll, a version =
which=20
  addressed Slammer.>Unfortunately, it did not include the =
ssmslpcn.dll=20
  from Q317748.>>6. SQL/MSDE SP3 came
along January 2003. =
It=20
  contains updates for>ssnetlib.dll and ssmslpcn.dll, both =
version=20
  2000.080.0760.00.>>7. MS02-061 was
re-released January =
26th,=20
  2003. The only change to it>was that the ssmslpcn.dll from =
Q317748=20
  (v2000.080.0568.00) was added to>the previously released patch, =
and a=20
  script was wrapped around it to>make it easier to install. As a =
result,=20
  MS02-061 now contains both the>handle leak patch, and the =
Slammer=20
  patch, in one pre-SP3 package.>>Hope
that makes it as =
clear as=20
  it can
be.>>Cheers,>Russ -
Surgeon General of =
TruSecure=20
  Corporation/NTBugtraq
Editor>

------=_NextPart_000_002E_01C2C72A.431A0DD0--

--- BBBS/NT v4.01 Flag-4