Full Disclosure mailing list archives
Re: SQL Slammer - lessons learned
From: "yossarian" <yossarian () planet nl>
Date: Sun, 9 Feb 2003 19:52:12 +0100
PS wrote
Can you think of a legitimate reason why ISPs should allow ports 135-139/TCP/UDP to be open to the Internet? How about port 445/UDP? Many ISPs now block port 25/TCP (for obvious reasons.) Why not other service ports?
SD wrote
Are that InternetServiceProviders or InternetServiceCensors?
I feel free to implement an own strange private protocol using UDP 135 and I pay the ISP for routing this. I don't see any responsibility for ISPs to care about the content.
I think the answer is in your example: If only we were to standardise on an MS World, vulnerable MS ports would be blockable, w/o collateral damage for people not adhering to standard MS. The legitimate reasons Paul asks for are that ports are only loosely standardised. With the growing use of flexible port-addressing and masquerading in P2P clients, concentrating a discussion on certain ports appears a bit outdated to me.
IMHO the real issue is where do we expect to be protected, or put in another way, who will we blame if our systems go down? Do we see the Internet as a massive threat, or do we expect it to be safe for lightweight use, i.e. less features and freedom = less threats.
The funny thing is that some people expect the ISP to deny all and only permit what is necessary, since no one can expect parties connected, such as corporate networks and home users, to do so themselves - let the ISP set up a FW since it is too costly and/or too complex for me. Well, about too costly - ISPs are usually commercial entities, so it will raise the prices, nothing in life is free. It might be commercially viable for ISPs to set up two networks, one for people that only need three or four Internet functions (HTTP, POP, SMTP and IMAP). Nah, don't think so. People might suddenly want to run MSN, or something else.
My question - must my ISP know all types of traffic legit to me, in order to service me? And change the rulesets if I update some software? Or should I apply this knowledge to set up a firewall that suits my own needs? My ISP cannot set up a FW that suits me 100%, since it has other companies / customers with different needs on the same local loop. So even if my ISP were to block most of the dangerous traffic, I still would need a FW, since it cannot block all. And since an ISP must make profit, having them do MY firewall would probably be a lot more expensive than if I do it myself.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html