RE: SQL Slammer - lessons learned

[John.Airey () rnib org uk]

> -----Original Message-----
> From: David Howe [mailto:DaveHowe () cmn sharp-uk co uk]
> Sent: 03 February 2003 15:32
> To: Email List: Full Disclosure
> Subject: Re: [Full-disclosure] SQL Slammer - lessons learned
>
>
> at Monday, February 03, 2003 2:50 PM, John.Airey () rnib org uk
> <John.Airey () rnib org uk> was seen to say:
> > I think you misunderstood what I was getting at. By separating
> > services from dynamic ports, the average PC doesn't need to be
> > patched as often against worms like SQL Slammer (particularly as the
> > MSDE code seems to be so endemic). Should there be a legitimate need
> > to open those ports to the outside world, you can request this via
> > your ISP as you would do with the "Well Known" ports at the moment.
> Most isps seem to have no problems with the Well Known ports 
> being open
> inbound (unless they are explicitly banning servers, including p2p and
> game servers). To have to individually control open and 
> closed ports for
> dialup, cable or dsl users would be a major nightmare - not 
> to mention a
> massively customerbase-reducing move.

How the ports are managed by the ISPs is up to them. We have a managed
router where we block everything we can without breaking legitimate access.
However, not having a practical option to block certain ports is a problem.
My point was on the allocation and use by TCP/IP stacks.

Sure, you can block 1434 udp inbound, but what if your DNS server (that
doesn't run SQL server) picks that port randomly for incoming data from
other DNS servers? You'll get failures when you shouldn't.

> Proof by induction? a huge number of people have travelled far enough
> from home that "noon" is noticably offset from home time, and called
> home by telephone.

I could postulate the theory that the Earth is the shape of a rugby ball.
OK, it would have its detractors, but only those that have seen it for
themselves could genuinely disprove me.

John

- 

NOTICE: The information contained in this email and any attachments is 
confidential and may be legally privileged. If you are not the 
intended recipient you are hereby notified that you must not use, 
disclose, distribute, copy, print or rely on this email's content. If 
you are not the intended recipient, please notify the sender 
immediately and then delete the email and any attachments from your 
system.

RNIB has made strenuous efforts to ensure that emails and any 
attachments generated by its staff are free from viruses. However, it 
cannot accept any responsibility for any viruses which are 
transmitted. We therefore recommend you scan all attachments.

Please note that the statements and views expressed in this email 
and any attachments are those of the author and do not necessarily 
represent those of RNIB.

RNIB Registered Charity Number: 226227

Website: http://www.rnib.org.uk 
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html