Full Disclosure mailing list archives
RE: SQL Slammer - lessons learned
From: Paul Schmehl <pauls () utdallas edu>
Date: 06 Feb 2003 09:34:09 -0600
On Thu, 2003-02-06 at 06:32, John.Airey () rnib org uk wrote:
We've drifted from my original point, that ports used dynamically by IP stacks should be distinct from service ports, so that ISPs or administrators CAN block them without impacting the end user if they so wish. At the minute we need stateful filtering to rescue us from the port allocation mess we are in. SQL Slammer was only as successful as it was because stateful filtering isn't widespread, i.e. this one got past many administrators of large networks who are already careful about which services are publicly available. Given the choice between controlling traffic at the border or keeping thousands of "non-public" machines up to date, I know which I'd choose.
I think Slammer has pointed out one of the biggest problems with security today - hard shell on the outside, soft chewy middle. Any time I get involved in discussions about security philosophy, it always seems to drift to how to keep the bad guys out. Well, at a university, the bad guys are *inside*. They're learning programming, networks, algorithmic theories, security principles, etc, etc, and they're *very* eager to try it out.

For example, everybody gets really concerned about wireless networks. OMG, what are we going to do? WEP just isn't good enough. Well WEP is a darn sight better than the plain text traffic on the hard-wired network. Why aren't we freaking out about that? I contend it's because everyone (big generalization here) sees the wired network as "secure". I mean who's going to tap into that, right? WRONG!!!

When I think about securing something, I think about securing it from *everybody*, outside *and* inside the network. But that isn't the present focus of the security industry *in general*.

--
Paul Schmehl (pauls () utdallas edu)
Adjunct Information Security Officer
The University of Texas at Dallas
http://www.utdallas.edu/~pauls/
AVIEN Founding Member

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
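The quoted point about dynamic ports overlapping service ports, and stateful filtering being the way out, is easier to see with a small model. The following is an added example, not code from the thread or from either poster: a toy border filter in two flavours. The stateless one can only decide by destination port, so it must either open the whole dynamic range (letting an unsolicited 1434/udp packet through, because the legacy Windows dynamic range 1025-5000 contains it) or close it (dropping legitimate DNS replies that land on a dynamic port). The stateful one records outbound flows and admits inbound packets only when they answer one. The addresses, ports and packets are constructed sample data; the dynamic range and the published service set are assumptions chosen for the illustration.

```python
"""Toy stateless vs stateful border filter (added example, not from the thread)."""
from dataclasses import dataclass

# Assumption: legacy Windows dynamic (ephemeral) port range, which overlaps the
# SQL Server resolution service port 1434/udp that SQL Slammer targeted.
EPHEMERAL_RANGE = range(1025, 5001)
PUBLISHED_SERVICES = {80, 443}   # constructed: the only services meant to be public
SQL_RESOLUTION_PORT = 1434       # UDP port used by the SQL Server resolution service


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str = "udp"
    inbound: bool = True  # True: arriving from outside the border


class StatelessFilter:
    """Decides on destination port alone; has no memory of earlier packets."""

    def __init__(self, published, open_ephemeral):
        self.published = set(published)
        self.open_ephemeral = open_ephemeral

    def decide(self, pkt):
        if not pkt.inbound:
            return "allow"
        if pkt.dst_port in self.published:
            return "allow"
        # Replies to our own queries arrive on dynamic ports, so the only way to
        # admit them statelessly is to open the whole range to everyone.
        if self.open_ephemeral and pkt.dst_port in EPHEMERAL_RANGE:
            return "allow"
        return "drop"


class StatefulFilter:
    """Remembers outbound flows; inbound traffic must match one or hit a published port."""

    def __init__(self, published):
        self.published = set(published)
        self.flows = set()  # (proto, local_ip, local_port, remote_ip, remote_port)

    def decide(self, pkt):
        if not pkt.inbound:
            self.flows.add((pkt.proto, pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port))
            return "allow"
        if pkt.dst_port in self.published:
            return "allow"
        # An inbound packet is a reply if it reverses a flow we initiated.
        reverse = (pkt.proto, pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port)
        if reverse in self.flows:
            return "allow"
        return "drop"


# Constructed traffic: an outbound DNS query from a dynamic port, its reply,
# an unsolicited probe at 1434/udp, and an ordinary inbound web request.
SCENARIO = [
    ("dns_query", Packet("10.0.0.5", 4097, "192.0.2.53", 53, inbound=False)),
    ("dns_reply", Packet("192.0.2.53", 53, "10.0.0.5", 4097)),
    ("slammer_probe", Packet("198.51.100.7", 31337, "10.0.0.9", SQL_RESOLUTION_PORT)),
    ("web_request", Packet("198.51.100.8", 50000, "10.0.0.9", 80, proto="tcp")),
]


def run(filter_obj):
    """Feed the scenario through one filter in order and collect its verdicts."""
    return {name: filter_obj.decide(pkt) for name, pkt in SCENARIO}


def compare():
    """Verdicts of all three filter configurations on the same traffic."""
    return {
        "stateless_ephemeral_open": run(StatelessFilter(PUBLISHED_SERVICES, True)),
        "stateless_ephemeral_closed": run(StatelessFilter(PUBLISHED_SERVICES, False)),
        "stateful": run(StatefulFilter(PUBLISHED_SERVICES)),
    }


if __name__ == "__main__":
    for name, verdicts in compare().items():
        print(name, verdicts)
```

Running it shows the trade-off the quoted post describes: with the dynamic range open the stateless filter passes the 1434/udp probe, with it closed the filter drops the DNS reply, and only the stateful filter gets all four packets right. Real connection tracking also expires flows and handles TCP state, which this model omits.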