 OSQL.exe


AskSQLTeam
Ask SQLTeam Question

0 Posts

Posted - 2004-06-03 : 08:14:39
Rich writes "Could you please tell me what OSQL.exe is and what it does.
We currently run SQL Server 7.0 to run a couple of databases across a network and we have remote users dialling into our server (we have one open port on our firewall to allow them in).

Recently our SQL databases have slowed to a halt. When I run the SQL profiler it shows an unknown user continuously connecting and disconnecting and running the application OSQL.exe and they are logging in (or trying to log in) as SA (system administrator).

This traffic appears to slow SQL down so much that my users cannot access any databases or if they do they run very slowly.

When I switch off our router and break our internet connection this unknown user no longer shows in SQL profiler, nor does OSQL.exe and all database access returns to normal.

I can't close the port which I think is making us vulnerable so is it safe to disable OSQL.exe??

Any help would be very gratefully received!

many thanks
Rich Lewis"

graz
Chief SQLTeam Crack Dealer

4149 Posts

Posted - 2004-06-03 : 08:14:39
Here's an article on osql.exe (http://www.sqlteam.com/item.asp?ItemID=744). It sounds to me like you've got someone trying to break into your system.

derrickleggett
Pointy Haired Yak DBA

4184 Posts

Posted - 2004-06-03 : 08:57:45
If the server they are dialing into doesn't need it, I would change the permissions so nobody has rights to use the SQL Tools on that box. Also, set up profiler and see if the OSQL connections are coming from the remote dialup host (check HostName) or some other box. If it's another box, see if you can capture the IP address of it.

MeanOldDBA
derrickleggett@hotmail.com

When life gives you a lemon, fire the DBA.

tkizer
Almighty SQL Goddess

38200 Posts

Posted - 2004-06-03 : 13:06:06
Also, make sure your SA password is hard to crack. If it's easy, chances are that the person attempting to get in is going to crack it soon. You might consider only allowing Windows Authentication if your apps don't use SQL authentication.

In SQL Profiler, add hostname to your trace to find out which machine is doing this. Hostname is not added by default to the trace.

Tara
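
The HostName check suggested in the replies above, as an added example that is not part of any post in this thread: it groups OSQL connections made as sa by HostName and reports how tightly they cluster in time. The CSV layout, host names, sample rows and the threshold are constructed assumptions; the column names mirror Profiler data columns.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: Profiler trace rows exported to CSV (assumed layout).
SAMPLE_TRACE = """EventClass,ApplicationName,LoginName,HostName,StartTime
Audit Login Failed,OSQL-32,sa,UNKNOWN-PC,2004-06-03 08:00:01
Audit Login Failed,OSQL-32,sa,UNKNOWN-PC,2004-06-03 08:00:02
Audit Login Failed,OSQL-32,sa,UNKNOWN-PC,2004-06-03 08:00:03
Audit Login,Microsoft Access,appuser,DIALUP-01,2004-06-03 08:00:04
Audit Login Failed,OSQL-32,sa,UNKNOWN-PC,2004-06-03 08:00:05
Audit Login,OSQL-32,sa,UNKNOWN-PC,2004-06-03 08:00:07
Audit Logout,OSQL-32,sa,UNKNOWN-PC,2004-06-03 08:00:07
Audit Login,OSQL-32,sa,DBA-WS,2004-06-03 09:15:00
"""

def osql_sa_activity(trace_csv, window=timedelta(seconds=60)):
    """Per HostName: total, failed and peak-per-window OSQL events as sa."""
    stamps = defaultdict(list)
    failed = defaultdict(int)
    for row in csv.DictReader(io.StringIO(trace_csv.strip())):
        if not row["ApplicationName"].lower().startswith("osql"):
            continue  # only the tool named in the thread
        if row["LoginName"].lower() != "sa":
            continue  # only the account being targeted
        host = row["HostName"] or "(blank)"
        stamps[host].append(
            datetime.strptime(row["StartTime"], "%Y-%m-%d %H:%M:%S"))
        if row["EventClass"] == "Audit Login Failed":
            failed[host] += 1
    report = {}
    for host, times in stamps.items():
        times.sort()
        peak = start = 0
        for end, t in enumerate(times):  # sliding window over sorted times
            while t - times[start] > window:
                start += 1
            peak = max(peak, end - start + 1)
        report[host] = {"events": len(times), "failed": failed[host],
                        "peak": peak}
    return report

def noisy_hosts(report, threshold=5):
    """Hosts whose OSQL/sa events reach `threshold` within one window."""
    return sorted(h for h, r in report.items() if r["peak"] >= threshold)

if __name__ == "__main__":
    summary = osql_sa_activity(SAMPLE_TRACE)
    print(summary, noisy_hosts(summary))
```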