Full Disclosure mailing list archives
Re: SQL Slammer - lessons learned
From: "David Howe" <DaveHowe () cmn sharp-uk co uk>
Date: Mon, 3 Feb 2003 12:40:12 -0000
All good points - but missing the essential point that, even if the internet ports were redivided into "server" at (say) 1-10240 and "user" at 10241+ (like the current division at 1024), this worm would *still* have spread like wildfire. The service exploited is a legitimate service, so would be expected to run on a server port. Filtering would allow you to block certain services at the expense of blocking anyone being able to run those servers legitimately (which may be borderline acceptable to filter dialup/home users and protect all those insecure MSDE owners out there) but would still not have slowed the infection of legitimate servers; the only place to close ports to inbound traffic is at the server running that service in the first place.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html