Full Disclosure mailing list archives

Re: SQL Slammer - lessons learned

From: Henrik Lund Kramshøj <hlk () kramse dk>
Date: Mon, 3 Feb 2003 13:08:12 +0100

On mandag, feb 3, 2003, at 12:23 Europe/Copenhagen,John.Airey () rnib org uk wrote:

I've put a lot of time into researching further into what I alreadyknow
about TCP/IP connections, and this is what I've learned:

The Well Known Ports are those from 0 through 1023.

The Registered Ports are those from 1024 through 49151

The Dynamic and/or Private Ports are those from 49152 through 65535
(See http://www.iana.org/assignments/port-numbers)
...
A long term solution would be to separate port usage in IPv6, if thishasnot already been done. ie, to keep a range of numbers that are onlyeverused for connecting to external machines and the IPv6 stacks stick tothisrange. This will allow for better filtering by ISPs too, althoughsomeonewill probably still find a way of getting worms onto this range. It issadly
too late now to fix the large number of "broken" IPv4 stacks.

IMHO this "long term solution" is in NO WAY a solution at all, and might
hinder future communication if adopted!

Making "some ports" more special than others depending on arbitrary
ranges will not help security.

The "transport" networks, and certainly the core Internet should not put
restrictions on the port ranges that are "acceptable"
(YES I recommend end-user-networks, inside a company be seperated

and filtered from the outside Internet and also from the inside to theoutside)

If you like you can avoid the use of IPv6 global-unicast addresses onyour hostsif you dont want them to connect to the Internet (or only connect usingyour

webproxies etc.)

It is hard to predict the future, but blocking certain ports in generalwill

be a bad thing, and your suggestion is IMHO letting politics decide the
future use of TCP/IP.

Best regards
--
Henrik Lund Kramshøj
hlk@{kramse.dk|inet6.dk|sikkerhedsforum.dk|security6.net}
Please read email policy at http://www.kramse.dk/email

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Current thread:

SQL Slammer - lessons learned John . Airey (Feb 03)
- Re: SQL Slammer - lessons learned Henrik Lund Kramshøj (Feb 03)
- Re: SQL Slammer - lessons learned David Howe (Feb 03)
- <Possible follow-ups>
- Re: SQL Slammer - lessons learned David Howe (Feb 03)
  - AOL refuses to help AIM users ATD (Feb 03)
    - Message not available
    - Re: AOL refuses to help AIM users ATD (Feb 03)
    - Re: AOL refuses to help AIM users Rick Updegrove (Feb 03)
    - Re: AOL refuses to help AIM users ATD (Feb 03)
    - Re: AOL refuses to help AIM users Berend-Jan Wever (Feb 04)
- RE: SQL Slammer - lessons learned John . Airey (Feb 05)
  - RE: SQL Slammer - lessons learned Paul Schmehl (Feb 05)
    - Re: SQL Slammer - lessons learned Helmut Springer (Feb 05)

(Thread continues...)