Full Disclosure mailing list archives

Re: SQL Slammer - lessons learned


From: Niels Bakker <niels=netsys () bakker net>
Date: Fri, 7 Feb 2003 15:38:56 +0100

* John.Airey () rnib org uk [Fri 07 Feb 2003, 11:46 CET]:
[..]
> Which brings me full circle back to stateful inspection. I can see no
> business reason why any organisation would need the outside world to
> initiate sessions to ports other than allowed privileged ports. (I leave the
> definition of allowed privileged ports undefined as it is an issue between
> the ISP and its customers. One or two people have digressed onto this issue)

The concept of UDP having a session worth speaking of that firewalls can
use to distinguish packets belonging to a conversation from packets not
belonging to one is so deeply flawed I won't even get into it.

I'm not sure why this issue keeps getting rehashed.  It's been well
established that a policy of denying all that isn't needed is prudent.
Also, it's been established that it's not up to connectivity providers
to force their ideas of proper filters on everyone.


> - 
> John Airey, BSc (Jt Hons), CNA, RHCE
> Internet systems support officer, ITCSD, Royal National Institute of the
> Blind,

Please use a real signature separator; software can then automatically
recognise signatures and skip them when quoting, for example.  Also, I'd
appreciate it if you would upgrade to a real mail user agent that
generated proper In-Reply-To: and References: headers so threading would
work for those who prefer to use it, e.g. me.

I also won't get started on your stupid legal disclaimer - whose only
value is to pinpoint your company's legal team as a bunch of knuckle-
dragging morons.  (So thanks for the heads-up in showing who you hang
out with; it's a valuable aid in determining one's worth.)

Have a Nice Day,


        -- Niels.

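As an added illustration of the kind of UDP "session" the reply refers to (example code, not from the post or the list): a toy default-deny filter that admits inbound UDP only when it mirrors a recently seen outbound datagram, so the "session" is nothing more than an idle-timeout window. Addresses, port numbers and the timeout are constructed; 1434/udp is used as the unsolicited inbound port because it is the port Slammer targeted (a known fact, not stated on the page).

```python
from collections import namedtuple

# Constructed values: a 30 s idle timeout is in the range firewalls use for UDP.
UDP_IDLE_TIMEOUT = 30

Flow = namedtuple("Flow", "src sport dst dport")


class StatefulUdpFilter:
    """Default-deny inbound; inbound UDP passes only as the mirror of a live outbound flow."""

    def __init__(self, inside_prefix="10.0.0."):
        self.inside_prefix = inside_prefix   # constructed "inside" address space
        self.table = {}                      # Flow -> time last seen

    def _is_inside(self, ip):
        return ip.startswith(self.inside_prefix)

    def process(self, src, sport, dst, dport, now):
        """Return 'ALLOW' or 'DROP' for one UDP datagram seen at time `now`."""
        # Expire entries that have been idle longer than the timeout.
        for flow, seen in list(self.table.items()):
            if now - seen > UDP_IDLE_TIMEOUT:
                del self.table[flow]
        if self._is_inside(src):
            # Outbound: remember the 4-tuple so the reply can come back.
            self.table[Flow(src, sport, dst, dport)] = now
            return "ALLOW"
        # Inbound: accepted only if it is the mirror image of a live outbound flow.
        # Within the window ANY datagram matching that 4-tuple is accepted; the
        # filter cannot tell a genuine reply from anything else with those headers.
        mirror = Flow(dst, dport, src, sport)
        if mirror in self.table:
            self.table[mirror] = now
            return "ALLOW"
        return "DROP"


def demo():
    """Constructed traffic: a DNS exchange, an unsolicited 1434/udp datagram, a late reply."""
    fw = StatefulUdpFilter()
    return [
        fw.process("10.0.0.5", 40000, "192.0.2.53", 53, now=0),      # query out: ALLOW
        fw.process("192.0.2.53", 53, "10.0.0.5", 40000, now=1),      # reply in: ALLOW
        fw.process("198.51.100.7", 5555, "10.0.0.8", 1434, now=2),   # unsolicited: DROP
        fw.process("192.0.2.53", 53, "10.0.0.5", 40000, now=100),    # past timeout: DROP
    ]
```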
-- 
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

