Full Disclosure mailing list archives
RE: SQL Slammer - lessons learned
From: "Cushing, David" <David.Cushing () hitachisoftware com>
Date: Wed, 5 Feb 2003 14:45:48 -0500
* pauls () utdallas edu (Paul Schmehl) [Wed 05 Feb 2003, 16:57 CET]:No, you wouldn't, because DNS servers talk on port 53, andthey wouldn'tnegotiate port 1434 because it's reserved for SQL.Please learn how the Internet works. BIND8 and up don't use 53 as source for outgoing queries anymore by default; you can override this in named.conf with .....
Perhaps everyone should start indicating whether they are talking about source or destination ports. Paul was talking about the destination port that the server was listening on, which will always be 53 for a DNS server. The only DNS server that will accept a packet on UDP 1434 is a customized one. You are talking about the source port used when making queries. The source port is not part of the specification, so cannot be counted on for anything. Assume it to be random. For all you simpletons who don't know how the internet works, Niels forgot to send you a link :) http://www.ietf.org/rfc/rfc1035.txt 4.2 - Transport -David _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Re: SQL Slammer - lessons learned, (continued)
- Re: SQL Slammer - lessons learned Blue Boar (Feb 06)
- Re: SQL Slammer - lessons learned Ron DuFresne (Feb 06)
- Re: SQL Slammer - lessons learned Blue Boar (Feb 06)
- RE: SQL Slammer - lessons learned Nicob (Feb 06)
- RE: SQL Slammer - lessons learned Paul Schmehl (Feb 06)
- RE: SQL Slammer - lessons learned Ron DuFresne (Feb 06)
- Re: SQL Slammer - lessons learned Niels Bakker (Feb 06)
- Re: SQL Slammer - lessons learned Steffen Dettmer (Feb 09)
- Re: SQL Slammer - lessons learned yossarian (Feb 09)
- RE: SQL Slammer - lessons learned Paul Schmehl (Feb 05)
- RE: SQL Slammer - lessons learned Paul Schmehl (Feb 06)
- RE: SQL Slammer - lessons learned Ron DuFresne (Feb 06)
- Re: SQL Slammer - lessons learned Niels Bakker (Feb 07)
- Re: SQL Slammer - lessons learned David Howe (Feb 07)
- Re: SQL Slammer - lessons learned Helmut Springer (Feb 09)