nanog mailing list archives
Re: management interface accessability (was Re: Worm / UDP1434)
From: "Steven M. Bellovin" <smb () research att com>
Date: Sun, 26 Jan 2003 12:42:57 -0500
In message <20030126172907.GA31694 () f00f org>, Chris Wedgwood writes:
> On Sun, Jan 26, 2003 at 01:37:16AM +0000, Paul Vixie wrote:
>
> > ... If you are relying on their ACL's to protect your telnet and snmp access, but are otherwise allowing their management interfaces to hear traffic from the whole Internet, then you should turn in your badge and go back to bagging groceries or whatever it is you used to do.
>
> Some would argue this should apply to those exposing MSSQL to the outside world such that it could even receive malicious port 1434 packets...

Therein lies the rub. I'm curious -- every medium or large company I'm aware of had Code Red on the inside of the firewalls. What happened this time? Did it get inside? If so, has anyone analyzed how?

--Steve Bellovin, http://www.research.att.com/~smb (me)
http://www.wilyhacker.com (2nd edition of "Firewalls" book)