nanog mailing list archives
Re: Blocking port udp/tcp 1433/1434
From: John Kristoff <jtk () northwestern edu>
Date: Thu, 12 May 2005 12:23:19 -0500
On Thu, 12 May 2005 04:15:07 -1000 Brian Russo <brian () entropy net> wrote:
> Perhaps a better question is: Is there now justification for allowing transit for ms-sql slammer ports?

I think there always has been some justification. Here is a very small sample of real traffic that I can assure is not Slammer traffic, but it is being filtered nonetheless (IP addresses removed):

  May 12 09:15:30.598 CDT[...] denied udp removed(53) -> removed(1434), 1 packet
  May 12 09:26:30.210 CDT[...] denied tcp removed(80) -> removed(1434), 1 packet
  May 12 09:32:23.122 CDT[...] denied tcp removed(80) -> removed(1434), 1 packet
  May 12 09:42:38.558 CDT[...] denied udp removed(123) -> removed(123), 1 packet
  May 12 10:12:50.422 CDT[...] denied udp removed(53) -> removed(1434), 1 packet

Some have suggested adjusting filters so that the src port is > 1023, which may be somewhat less harmful, but then others may object to this being an unacceptable hole.

You can design networks, educate people, build tools, and write secure software to deal with all of the security problems, which will be very expensive and slow, or you can count down from 2^320 til you approach 0, perhaps in large jumps, which is the way of the IP/TCP packet filters. That might be just as slow and expensive, but unfortunately results in complete dismantling of the system. Perhaps there are better alternatives, but I think they probably fall in between those two.

John
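Added example, not part of John's post or of any NANOG tool: a small Python script that parses the denied-packet lines quoted above and shows how a blanket 1433/1434 filter and the suggested "source port > 1023" variant would each treat them. The service-port table is an assumption used only to flag which drops look like replies from well-known services.

```python
import re
from typing import NamedTuple, Optional

# The denied-packet lines quoted in the post (IP addresses were already removed there).
LOG = """\
May 12 09:15:30.598 CDT[...] denied udp removed(53) -> removed(1434), 1 packet
May 12 09:26:30.210 CDT[...] denied tcp removed(80) -> removed(1434), 1 packet
May 12 09:32:23.122 CDT[...] denied tcp removed(80) -> removed(1434), 1 packet
May 12 09:42:38.558 CDT[...] denied udp removed(123) -> removed(123), 1 packet
May 12 10:12:50.422 CDT[...] denied udp removed(53) -> removed(1434), 1 packet
"""

SLAMMER_PORTS = {1433, 1434}  # the udp/tcp ports the thread is about
SERVICE_PORTS = {53: "dns", 80: "http", 123: "ntp"}  # assumed table of well-known service ports
LINE_RE = re.compile(r"denied (udp|tcp) ([^(\s]+)\((\d+)\) -> ([^(\s]+)\((\d+)\)")

class Flow(NamedTuple):
    proto: str
    src: str
    sport: int
    dst: str
    dport: int

def parse(line: str) -> Optional[Flow]:
    """Extract protocol, endpoints and ports from one 'denied' log line."""
    m = LINE_RE.search(line)
    return Flow(m[1], m[2], int(m[3]), m[4], int(m[5])) if m else None

def denied_blanket(f: Flow) -> bool:
    """Blanket rule: drop anything to 1433/1434 regardless of source port."""
    return f.dport in SLAMMER_PORTS

def denied_refined(f: Flow) -> bool:
    """Variant suggested in the thread: drop only when the source port is > 1023,
    so replies coming from well-known service ports get through."""
    return f.dport in SLAMMER_PORTS and f.sport > 1023

def classify(log: str) -> list:
    """Per flow: would each rule have dropped it, and which service does it look like?"""
    rows = []
    for line in log.splitlines():
        f = parse(line)
        if f is not None:
            rows.append({"flow": f, "blanket": denied_blanket(f),
                         "refined": denied_refined(f),
                         "looks_like_reply_from": SERVICE_PORTS.get(f.sport)})
    return rows

if __name__ == "__main__":
    for row in classify(LOG):
        print(row)
```

Run against the five lines, the blanket rule drops four flows and the refined rule drops none; the 123 -> 123 line is explained by neither, which tells you the log also contains drops from some other filter.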