Full Disclosure mailing list archives
Re: The worm author finally revealed!
From: Paul Schmehl <pauls () utdallas edu>
Date: 31 Jan 2003 13:00:33 -0600
On Fri, 2003-01-31 at 11:31, David Howe wrote:
> at Friday, January 31, 2003 3:55 PM, Paul Schmehl <pauls () utdallas edu> wrote:
> > Firewall? DMZ? What makes you think everybody has those?
>
> It's about $40 for a personal firewall; Windows 2K and above come as standard with one installed anyhow. Even if this won't give you a DMZ, it at least gives you local port filtering. Why allow access to anything other than the required ports? It's your server and if it gets compromised it's your problem. Use the available tools to expose just the ports you use and no others (unix admins seem to have no problems with this concept - why do windows admins seem to go for "do a full install and give it whatever access it wants"?)
Your $40 personal firewall won't do shit for a class B network with two DS3s, much less an OC3. Enterprise firewalls are a lot more than $40, and they need a full time *skilled* technician to make them worth using. Now you're in the range of $100,000+ for first year costs (equipment and licensing costs, installation costs, hiring costs and salary.) A DMZ requires *two* of those babies. Now you're up to a quarter of a million dollars. And people in high places sit up and take notice when you start asking for that kind of money. Redundancy requires *four* of them. Now you're at a half a mil. And the routers to handle that kind of traffic are close to six figures as well. But you don't want to put too many ACLs on that router or it'll be CPU bound and traffic will start congesting at the ingress and egress of the network. It gets expensive in a hurry. Now do you still need to wonder why some networks have no firewall and no DMZ?
> > How 'bout an even more esoteric question? Why do the tier 1 providers (like UUNET) allow traffic on port 1434???
>
> because there is no reason to block it.
Really? Well people here are talking about suing the "admins" who are "too lazy" to patch. How about if I sue the ISPs who don't block port 1434/UDP and consequently take down the Internet from all their single users who were running SQL with no clue? Wanna bet a lawyer will take that case some day?

-- 
Paul Schmehl (pauls () utdallas edu)
Adjunct Information Security Officer
The University of Texas at Dallas
http://www.utdallas.edu/~pauls/
AVIEN Founding Member

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
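Two claims in the exchange above can be made concrete: "expose just the ports you use and no others" (a default-deny filter, under which 1434/UDP is simply never reachable) and "too many ACLs on that router [and] it'll be CPU bound" (a first-match list is walked until something matches, so where a high-volume rule sits changes the per-packet cost). The following is an added example written for this archive page, not code from either poster; the policy, the packet sample and the 198.51.100.0/24, 203.0.113.0/24 and 10.0.0.0/8 addresses are constructed for illustration.

```python
"""Added example: a first-match ACL evaluator in the style of a router or
host packet filter, with an implicit deny at the end of the list."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    action: str            # "permit" or "deny"
    proto: str             # "tcp", "udp" or "any"
    src: str               # source CIDR; "0.0.0.0/0" means any source
    dport: Optional[int]   # destination port; None means any port


def matches(rule: Rule, proto: str, src: str, dport: int) -> bool:
    return ((rule.proto == "any" or rule.proto == proto)
            and ip_address(src) in ip_network(rule.src)
            and (rule.dport is None or rule.dport == dport))


def evaluate(acl: List[Rule], proto: str, src: str, dport: int) -> Tuple[str, int]:
    """Return (action, rules_examined). Unmatched traffic hits the implicit deny."""
    for examined, rule in enumerate(acl, start=1):
        if matches(rule, proto, src, dport):
            return rule.action, examined
    return "deny", len(acl)


def average_cost(acl: List[Rule], packets: List[Tuple[str, str, int]]) -> float:
    """Mean number of rules walked per packet: the CPU cost the thread argues about."""
    return sum(evaluate(acl, *pkt)[1] for pkt in packets) / len(packets)


# Constructed policy for a web server: only what it actually serves is exposed,
# plus SSH from the admin network. Nothing mentions 1434/UDP; default deny covers it.
SERVER_ACL = [
    Rule("permit", "tcp", "0.0.0.0/0", 80),
    Rule("permit", "tcp", "0.0.0.0/0", 443),
    Rule("permit", "tcp", "10.0.0.0/8", 22),
]

# Constructed inbound sample dominated by 1434/UDP, as during the worm traffic
# discussed above: (proto, src, dport).
FLOOD = [("udp", "198.51.100.7", 1434)] * 3 + [("tcp", "198.51.100.7", 80)]

# Same explicit deny for 1434/UDP, placed first versus last in the list.
DENY_1434 = Rule("deny", "udp", "0.0.0.0/0", 1434)
DENY_FIRST_ACL = [DENY_1434] + SERVER_ACL
DENY_LAST_ACL = SERVER_ACL + [DENY_1434]
```

With the deny rule first, the flood is dropped after one comparison per packet; appended last, every flood packet walks the whole list first, which is the ordering cost the router argument turns on.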