Full Disclosure mailing list archives
RE: SQL Slammer - lessons learned
From: John.Airey () rnib org uk
Date: Thu, 6 Feb 2003 12:32:32 -0000
-----Original Message----- From: Nicob [mailto:nicob () nicob net] Sent: 06 February 2003 10:42 To: full-disclosure () lists netsys com Subject: RE: [Full-disclosure] SQL Slammer - lessons learned On Wed, 2003-02-05 at 16:38, Paul Schmehl wrote:Can you think of a legitimate reason why ISPs should allow ports 135-139/TCP/UDP to be open to the Internet? How about port445/UDP? IMO, it's not to the ISP to choose wich ports and services should I use. I pay it (sort of) for a pipe running from my home-computer to the wild Internet and *that's all*. I don't want some "services" like transparent proxies, AV scanning at the mail relay or port filtering. I just want a pipe ...What about the ISPs whose policy it is to not allow customers to run servers?That's another problem. If I ask for a pipe, I want a pipe. If I ask for a discount ADSL access with limited amount of trafic and no allowed hosting (HTTP, FTP, SMTP, SSH, ...), the ISP can restrict the inbound ports. If the next big vuln/worm is a SSH one, would you agree with an ISP blocking inbound TCP/22 and forbidding to users to connect to their home-LAN to check mails, get some files, start the coffe-maker or manage downloads ?
Not at all, especially when that would stop me tunnelling VNC through SSH, a lot cheaper than PC/Anywhere! We've drifted from my original point, that ports used dynamically by IP stacks should be distinct from service ports, so that ISPs or administrator CAN block them without impacting the end user if they so wish. At the minute we need stateful filtering to rescue us from the port allocation mess we are in. SQL Slammer was only as successful as it was because stateful filtering isn't widespread, ie this one got past many administrators of large networks who are already careful about which services are publicly available. Given the choice between controlling traffic at the border or keeping thousands of "non-public" machines up to date, I know which I'd choose. - John Airey, BSc (Jt Hons), CNA, RHCE Internet systems support officer, ITCSD, Royal National Institute of the Blind, Bakewell Road, Peterborough PE2 6XU, Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 John.Airey () rnib org uk Am I the only person in the UK who finds it strange that our Prime Minister complains of Human Rights abuses around the world, yet wishes to opt out of the European Convention of Human Rights? - NOTICE: The information contained in this email and any attachments is confidential and may be legally privileged. If you are not the intended recipient you are hereby notified that you must not use, disclose, distribute, copy, print or rely on this email's content. If you are not the intended recipient, please notify the sender immediately and then delete the email and any attachments from your system. RNIB has made strenuous efforts to ensure that emails and any attachments generated by its staff are free from viruses. However, it cannot accept any responsibility for any viruses which are transmitted. We therefore recommend you scan all attachments. Please note that the statements and views expressed in this email and any attachments are those of the author and do not necessarily represent those of RNIB. RNIB Registered Charity Number: 226227 Website: http://www.rnib.org.uk _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Re: SQL Slammer - lessons learned, (continued)
- Re: SQL Slammer - lessons learned Blue Boar (Feb 06)
- RE: SQL Slammer - lessons learned Nicob (Feb 06)
- RE: SQL Slammer - lessons learned Paul Schmehl (Feb 06)
- RE: SQL Slammer - lessons learned Ron DuFresne (Feb 06)
- Re: SQL Slammer - lessons learned Niels Bakker (Feb 06)
- Re: SQL Slammer - lessons learned Steffen Dettmer (Feb 09)
- Re: SQL Slammer - lessons learned yossarian (Feb 09)
- RE: SQL Slammer - lessons learned Paul Schmehl (Feb 05)
- RE: SQL Slammer - lessons learned Paul Schmehl (Feb 06)
- RE: SQL Slammer - lessons learned Ron DuFresne (Feb 06)
- Re: SQL Slammer - lessons learned Niels Bakker (Feb 07)
- Re: SQL Slammer - lessons learned David Howe (Feb 07)
- Re: SQL Slammer - lessons learned Helmut Springer (Feb 09)
- Re: SQL Slammer - lessons learned Georgi Guninski (Feb 09)
- Re: SQL Slammer - lessons learned yossarian (Feb 09)