Full Disclosure mailing list archives
RE: SQL Slammer - lessons learned
From: John.Airey () rnib org uk
Date: Mon, 10 Feb 2003 10:24:08 -0000
-----Original Message----- From: Georgi Guninski [mailto:guninski () guninski com] Sent: 09 February 2003 22:24 To: Schmehl, Paul L Cc: full-disclosure () lists netsys com Subject: Re: [Full-disclosure] SQL Slammer - lessons learned Schmehl, Paul L wrote: ..snip...Are you really willing to demand your "freedom" in the face of the overwhelming odds that leaving those ports open will domore harm thangood?I am willing to demand my freedom. When I pay to an ISP for internet, I want to have all ports in/out working. If I don't want something working, I filter it at *my* firewall. When code red/nimbda hit some time ago on port 80, nobody suggested blocking port 80 for those II$, right? But when a worm hits on less popular port, people start attacking the symptoms, not the cause. Am I missing something? Georgi Guninski http://www.guninski.com
In the midst of all the opinions, what I had actually said was that part of the problem is due to the way that ports are used. Code Red/Nimda have fizzled out (probably still some infected machines out there), since it is possible to block ports below 1024. Granted, you would say that machines should be patched, however installing a machine from scratch means that at some point it is vulnerable, even more so now that MS is starting to insist that you use Windoze Update from the machine to update rather than allowing administrators to download the update. I used to create update CDs that would allow us to install these machines and patch them without plugging them into the network, but now I can't. Thanks Bill... This is not the case for higher ports. You will have problems if you block these ports indiscriminately. - John Airey, BSc (Jt Hons), CNA, RHCE Internet systems support officer, ITCSD, Royal National Institute of the Blind, Bakewell Road, Peterborough PE2 6XU, Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 John.Airey () rnib org uk Am I the only person in the UK who finds it strange that our Prime Minister complains of Human Rights abuses around the world, yet wishes to opt out of the European Convention of Human Rights? - NOTICE: The information contained in this email and any attachments is confidential and may be legally privileged. If you are not the intended recipient you are hereby notified that you must not use, disclose, distribute, copy, print or rely on this email's content. If you are not the intended recipient, please notify the sender immediately and then delete the email and any attachments from your system. RNIB has made strenuous efforts to ensure that emails and any attachments generated by its staff are free from viruses. However, it cannot accept any responsibility for any viruses which are transmitted. We therefore recommend you scan all attachments. Please note that the statements and views expressed in this email and any attachments are those of the author and do not necessarily represent those of RNIB. RNIB Registered Charity Number: 226227 Website: http://www.rnib.org.uk _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Re: SQL Slammer - lessons learned, (continued)
- Re: SQL Slammer - lessons learned David Howe (Feb 07)
- Re: SQL Slammer - lessons learned David Howe (Feb 07)
- RE: SQL Slammer - lessons learned Schmehl, Paul L (Feb 09)
- Re: SQL Slammer - lessons learned Helmut Springer (Feb 09)
- Re: SQL Slammer - lessons learned Georgi Guninski (Feb 09)
- Re: SQL Slammer - lessons learned yossarian (Feb 09)
- RE: SQL Slammer - lessons learned Steve Wray (Feb 09)
- RE: SQL Slammer - lessons learned Schmehl, Paul L (Feb 09)
- Re: SQL Slammer - lessons learned Helmut Springer (Feb 09)
- RE: SQL Slammer - lessons learned Steve Wray (Feb 09)
- Re: SQL Slammer - lessons learned Helmut Springer (Feb 09)
- RE: SQL Slammer - lessons learned John . Airey (Feb 10)
- RE: SQL Slammer - lessons learned John . Airey (Feb 10)
- Re: SQL Slammer - lessons learned David Howe (Feb 10)
- RE: SQL Slammer - lessons learned Schmehl, Paul L (Feb 10)
- Re: SQL Slammer - lessons learned David LaPorte (Feb 10)
- Re: SQL Slammer - lessons learned Karl DeBisschop (Feb 10)
- Re: SQL Slammer - lessons learned David LaPorte (Feb 10)
- Re: SQL Slammer - lessons learned petard (Feb 10)
- Re: RE: SQL Slammer - lessons learned I.R. van Dongen (Feb 10)