Full Disclosure mailing list archives
Re: SQL Slammer - lessons learned
From: Henrik Lund Kramshøj <hlk () kramse dk>
Date: Mon, 3 Feb 2003 13:08:12 +0100
On mandag, feb 3, 2003, at 12:23 Europe/Copenhagen, John.Airey () rnib org uk wrote:
I've put a lot of time into researching further into what I already knowabout TCP/IP connections, and this is what I've learned: The Well Known Ports are those from 0 through 1023. The Registered Ports are those from 1024 through 49151 The Dynamic and/or Private Ports are those from 49152 through 65535 (See http://www.iana.org/assignments/port-numbers) ...A long term solution would be to separate port usage in IPv6, if this has not already been done. ie, to keep a range of numbers that are only ever used for connecting to external machines and the IPv6 stacks stick to this range. This will allow for better filtering by ISPs too, although someone will probably still find a way of getting worms onto this range. It is sadlytoo late now to fix the large number of "broken" IPv4 stacks.
IMHO this "long term solution" is in NO WAY a solution at all, and might hinder future communication if adopted! Making "some ports" more special than others depending on arbitrary ranges will not help security. The "transport" networks, and certainly the core Internet should not put restrictions on the port ranges that are "acceptable" (YES I recommend end-user-networks, inside a company be seperatedand filtered from the outside Internet and also from the inside to the outside)
If you like you can avoid the use of IPv6 global-unicast addresses on your hosts if you dont want them to connect to the Internet (or only connect using your
webproxies etc.)It is hard to predict the future, but blocking certain ports in general will
be a bad thing, and your suggestion is IMHO letting politics decide the future use of TCP/IP. Best regards -- Henrik Lund Kramshøj hlk@{kramse.dk|inet6.dk|sikkerhedsforum.dk|security6.net} Please read email policy at http://www.kramse.dk/email _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- SQL Slammer - lessons learned John . Airey (Feb 03)
- Re: SQL Slammer - lessons learned Henrik Lund Kramshøj (Feb 03)
- Re: SQL Slammer - lessons learned David Howe (Feb 03)
- <Possible follow-ups>
- Re: SQL Slammer - lessons learned David Howe (Feb 03)
- AOL refuses to help AIM users ATD (Feb 03)
- Message not available
- Re: AOL refuses to help AIM users ATD (Feb 03)
- Re: AOL refuses to help AIM users Rick Updegrove (Feb 03)
- Re: AOL refuses to help AIM users ATD (Feb 03)
- AOL refuses to help AIM users ATD (Feb 03)
- Re: AOL refuses to help AIM users Berend-Jan Wever (Feb 04)
- RE: SQL Slammer - lessons learned Paul Schmehl (Feb 05)
- Re: SQL Slammer - lessons learned Helmut Springer (Feb 05)