Full Disclosure mailing list archives
Re: SQL Slammer - lessons learned
From: Blue Boar <BlueBoar () thievco com>
Date: Thu, 06 Feb 2003 17:30:12 -0800
Ron DuFresne wrote:
Perhaps I'm wrong and will be corrected, but nslookup and dig and the various other tools retry after a short timeout period, and do so on different ports then the first timeout request was made.<?> If I'm reading this correctly, then the significance of a dropped packet in a request is minimal.
Depends on the resolver. I just did some tests from Windows XPSP1 while running Ethereal. If you use the Windows nslookup, it does indeed use a different source port for each request. However, if you try it from the cmd prompt with ping, or from a browser (both of which I presume use the lookup calls from wsock32.dll) then it does not change source ports. In fact, it used the same source port to try both (fake) DNS hosts I configured. It used the same source port half a minute later when I tried again.
The overall point being that if you start blocking arbitrary ports, you break things in interesting ways.
BB _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- RE: SQL Slammer - lessons learned, (continued)
- RE: SQL Slammer - lessons learned John . Airey (Feb 05)
- RE: SQL Slammer - lessons learned Paul Schmehl (Feb 05)
- Re: SQL Slammer - lessons learned Helmut Springer (Feb 05)
- Re: SQL Slammer - lessons learned David LaPorte (Feb 05)
- Re: SQL Slammer - lessons learned Niels Bakker (Feb 05)
- Re: SQL Slammer - lessons learned Niels Bakker (Feb 05)
- Re: SQL Slammer - lessons learned David Howe (Feb 06)
- Re: SQL Slammer - lessons learned Ron DuFresne (Feb 06)
- Re: SQL Slammer - lessons learned Blue Boar (Feb 06)
- Re: SQL Slammer - lessons learned Ron DuFresne (Feb 06)
- Re: SQL Slammer - lessons learned Blue Boar (Feb 06)
- RE: SQL Slammer - lessons learned Paul Schmehl (Feb 05)
- RE: SQL Slammer - lessons learned John . Airey (Feb 05)
- RE: SQL Slammer - lessons learned Nicob (Feb 06)
- RE: SQL Slammer - lessons learned Paul Schmehl (Feb 06)
- RE: SQL Slammer - lessons learned Ron DuFresne (Feb 06)
- Re: SQL Slammer - lessons learned Niels Bakker (Feb 06)
- Re: SQL Slammer - lessons learned Steffen Dettmer (Feb 09)
- Re: SQL Slammer - lessons learned yossarian (Feb 09)
- RE: SQL Slammer - lessons learned Paul Schmehl (Feb 05)