Full Disclosure mailing list archives

RE: SQL Slammer - lessons learned


From: Paul Schmehl <pauls () utdallas edu>
Date: 06 Feb 2003 09:34:09 -0600

On Thu, 2003-02-06 at 06:32, John.Airey () rnib org uk wrote:

We've drifted from my original point, that ports used dynamically by IP
stacks should be distinct from service ports, so that ISPs or administrators
CAN block them without impacting the end user if they so wish. At the minute
we need stateful filtering to rescue us from the port allocation mess we are
in. SQL Slammer was only as successful as it was because stateful filtering
isn't widespread, i.e. this one got past many administrators of large networks
who are already careful about which services are publicly available.

Given the choice between controlling traffic at the border or keeping
thousands of "non-public" machines up to date, I know which I'd choose.

I think Slammer has pointed out one of the biggest problems with security
today - hard shell on the outside, soft chewy middle.  Any time I get
involved in discussions about security philosophy, it always seems to
drift to how to keep the bad guys out.  Well, at a university, the bad
guys are *inside*.  They're learning programming, networks, algorithmic
theories, security principles, etc, etc, and they're *very* eager to try
it out.

For example, everybody gets really concerned about wireless networks.
OMG, what are we going to do?  WEP just isn't good enough.  Well, WEP is
a darn sight better than the plain text traffic on the hard wired
network.  Why aren't we freaking out about that?  I contend it's because
everyone (big generalization here) sees the wired network as "secure".
I mean who's going to tap into that, right?  WRONG!!!

When I think about securing something, I think about securing it from
*everybody*, outside *and* inside the network.  But that isn't the
present focus of the security industry *in general*.

-- 
Paul Schmehl (pauls () utdallas edu)
Adjunct Information Security Officer
The University of Texas at Dallas
http://www.utdallas.edu/~pauls/
AVIEN Founding Member

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

