Full Disclosure mailing list archives
Re: SQL Slammer - lessons learned
From: Niels Bakker <niels=netsys () bakker net>
Date: Wed, 5 Feb 2003 19:32:20 +0100
On Wed, 2003-02-05 at 06:55, John.Airey () rnib org uk wrote:
Sure, you can block 1434 udp inbound, but what if your DNS server (that doesn't run SQL server) picks that port randomly for incoming data from other DNS servers? You'll get failures when you shouldn't.
* pauls () utdallas edu (Paul Schmehl) [Wed 05 Feb 2003, 16:57 CET]:
No, you wouldn't, because DNS servers talk on port 53, and they wouldn't negotiate port 1434 because it's reserved for SQL.
Please learn how the Internet works. BIND8 and up don't use 53 as source for outgoing queries anymore by default; you can override this in named.conf with

---
/*
 * If there is a firewall between you and nameservers you want
 * to talk to, you might need to uncomment the query-source
 * directive below.  Previous versions of BIND always asked
 * questions using port 53, but BIND 8.1 uses an unprivileged
 * port by default.
 */
// query-source address * port 53;
---

So, given (1434 - 1023 - 1) other applications that use UDP active, or that many outstanding queries, BIND may very well end up using UDP port 1434 for a query packet.

There is nothing in any application that keeps it from using 1434/udp, except it being in use already by another application. Apart from the ludicrous idea that UDP ports are `negotiated' in any way.

-- Niels.

--
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
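Added example, not part of the original post: a small Python model of the case argued above, where a resolver's query happens to leave from source port 1434 and the reply comes back to that port. It compares a stateless "drop inbound UDP to 1434" rule with one that first admits replies to flows opened from inside. The packet list, the addresses (documentation ranges) and both filter functions are constructed for illustration and are not any firewall's API.

```python
from dataclasses import dataclass

BLOCKED_PORT = 1434  # UDP port filtered in response to SQL Slammer


@dataclass(frozen=True)
class Packet:
    direction: str  # "out" or "in", relative to the protected resolver
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


# Constructed sample traffic (UDP only).
SAMPLE = [
    # Resolver sends a DNS query; its unprivileged source port is 1434.
    Packet("out", "192.0.2.10", 1434, "198.51.100.53", 53),
    # The authoritative server answers to the port the query came from.
    Packet("in", "198.51.100.53", 53, "192.0.2.10", 1434),
    # Unsolicited datagram to 1434 from a host nobody inside contacted.
    Packet("in", "203.0.113.7", 4321, "192.0.2.10", 1434),
]


def stateless_filter(packets):
    """Allow/deny per packet: drop any inbound datagram to BLOCKED_PORT."""
    return [not (p.direction == "in" and p.dst_port == BLOCKED_PORT)
            for p in packets]


def stateful_filter(packets):
    """Same drop rule, evaluated after admitting replies to known flows."""
    flows = set()  # (inside_ip, inside_port, outside_ip, outside_port)
    verdicts = []
    for p in packets:
        if p.direction == "out":
            flows.add((p.src_ip, p.src_port, p.dst_ip, p.dst_port))
            verdicts.append(True)
            continue
        is_reply = (p.dst_ip, p.dst_port, p.src_ip, p.src_port) in flows
        verdicts.append(is_reply or p.dst_port != BLOCKED_PORT)
    return verdicts


if __name__ == "__main__":
    for name, fn in (("stateless", stateless_filter),
                     ("stateful", stateful_filter)):
        for pkt, allowed in zip(SAMPLE, fn(SAMPLE)):
            print(f"{name:9} {'ALLOW' if allowed else 'DROP '} {pkt}")
```

The stateless rule drops the DNS reply together with the unsolicited datagram; the flow-aware rule drops only the latter.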