Full Disclosure mailing list archives
RE: SQL Slammer - lessons learned
From: John.Airey () rnib org uk
Date: Fri, 7 Feb 2003 10:11:27 -0000
-----Original Message----- From: Ron DuFresne [mailto:dufresne () winternet com] Sent: 06 February 2003 18:33 To: Nicob Cc: full-disclosure () lists netsys com Subject: RE: [Full-disclosure] SQL Slammer - lessons learned I'm suspecting then alot of you must be just livid that most ISP' and backbone providers are blocking those udp packets to those borked M$-sql servers then? There's certain traffic that just does not need to be passed beyond certain borders, and can have bad effects if it does or is exposed.
Like I said, the probability of it affecting you is 64,511/1 per DNS query. However, a large organisation is going to see thousands of queries. Add to that the wonderful ability of IE to "cache" DNS errors and you'll soon see lots of complaints that websites go missing. We used to block over 300 TCP and UDP ports (ie before I realised the problem this was causing), reducing the probability of failure to around 20,000/1. Given thousands of requests daily this is an unacceptable failure rate. Which brings me full circle back to stateful inspection. I can see no business reason why any organisation would need the outside world to initiate sessions to ports other than allowed privileged ports. (I leave the definition of allowed privileged ports undefined as it is an issue between the ISP and its customers. One or two people have digressed onto this issue) Have a look at http://www.rfc-editor.org/rfc/rfc768.txt and http://www.rfc-editor.org/rfc/rfc793.txt for more details on UDP and TCP connections. - John Airey, BSc (Jt Hons), CNA, RHCE Internet systems support officer, ITCSD, Royal National Institute of the Blind, Bakewell Road, Peterborough PE2 6XU, Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 John.Airey () rnib org uk Am I the only person in the UK who finds it strange that our Prime Minister complains of Human Rights abuses around the world, yet wishes to opt out of the European Convention of Human Rights? - NOTICE: The information contained in this email and any attachments is confidential and may be legally privileged. If you are not the intended recipient you are hereby notified that you must not use, disclose, distribute, copy, print or rely on this email's content. If you are not the intended recipient, please notify the sender immediately and then delete the email and any attachments from your system. RNIB has made strenuous efforts to ensure that emails and any attachments generated by its staff are free from viruses. However, it cannot accept any responsibility for any viruses which are transmitted. We therefore recommend you scan all attachments. Please note that the statements and views expressed in this email and any attachments are those of the author and do not necessarily represent those of RNIB. RNIB Registered Charity Number: 226227 Website: http://www.rnib.org.uk _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- RE: SQL Slammer - lessons learned, (continued)
- RE: SQL Slammer - lessons learned Ron DuFresne (Feb 06)
- Re: SQL Slammer - lessons learned Niels Bakker (Feb 06)
- Re: SQL Slammer - lessons learned Steffen Dettmer (Feb 09)
- Re: SQL Slammer - lessons learned yossarian (Feb 09)
- RE: SQL Slammer - lessons learned Paul Schmehl (Feb 05)
- RE: SQL Slammer - lessons learned Paul Schmehl (Feb 06)
- RE: SQL Slammer - lessons learned Ron DuFresne (Feb 06)
- Re: SQL Slammer - lessons learned Niels Bakker (Feb 07)
- Re: SQL Slammer - lessons learned David Howe (Feb 07)
- Re: SQL Slammer - lessons learned Helmut Springer (Feb 09)
- Re: SQL Slammer - lessons learned Georgi Guninski (Feb 09)
- Re: SQL Slammer - lessons learned yossarian (Feb 09)
- RE: SQL Slammer - lessons learned Steve Wray (Feb 09)
- Re: SQL Slammer - lessons learned Helmut Springer (Feb 09)