nanog mailing list archives

Re: M$SQL cleanup incentives


From: "Stephen Sprunk" <stephen () sprunk org>
Date: Sat, 22 Feb 2003 15:46:42 -0600


Thus spake <jlewis () lewis org>
> If your network is able to contain slammer infected boxes without
> melting down, who cares if you have a few infected customers?  You
> don't need to filter, and they'll all be encouraged to fix their systems
> sooner.

As one hoster put it to me, DoS and worm traffic is billable so it's not in
the hoster's interests to protect customers -- quite the opposite in fact.

> I don't believe we'll have to filter 1434/udp forever, but I plan to leave
> the filters in place until we no longer need them or until they hurt more
> than they help.

What will you do when a similar worm appears on 53/udp or some other
heavily-used port?  We lucked out with Sapphire because MS/SQL is generally
safe to block on public networks, but its speed can be easily applied to
other protocols we can't afford to block.

S

Stephen Sprunk         "God does not play dice."  --Albert Einstein
CCIE #3723         "God is an inveterate gambler, and He throws the
K5SSS        dice at every possible opportunity." --Stephen Hawking

