Full Disclosure mailing list archives

Re: The worm author finally revealed!


From: Paul Schmehl <pauls () utdallas edu>
Date: 31 Jan 2003 13:00:33 -0600

On Fri, 2003-01-31 at 11:31, David Howe wrote:
> at Friday, January 31, 2003 3:55 PM, Paul Schmehl <pauls () utdallas edu>
> > Firewall?  DMZ?  What makes you think everybody has those?
> It's about $40 for a personal firewall; Windows 2K and above come as
> standard with one installed anyhow. Even if this won't give you a DMZ,
> it at least gives you local port filtering. Why allow access to anything
> other than the required ports?  It's your server and if it gets
> compromised it's your problem. Use the available tools to expose just the
> ports you use and no others (unix admins seem to have no problems with
> this concept - why do windows admins seem to go for "do a full install
> and give it whatever access it wants"?)

Your $40 personal firewall won't do shit for a class B network with two
DS3s, much less an OC3.  Enterprise firewalls are a lot more than $40,
and they need a full time *skilled* technician to make them worth
using.  Now you're in the range of $100,000+ for first year costs
(equipment and licensing costs, installation costs, hiring costs and
salary.)

A DMZ requires *two* of those babies.  Now you're up to a quarter of a
million dollars.  And people in high places sit up and take notice when
you start asking for that kind of money.

Redundancy requires *four* of them.  Now you're at a half a mil.  And
the routers to handle that kind of traffic are close to six figures as
well.  But you don't want to put too many ACLs on that router or it'll
be CPU bound and traffic will start congesting at the ingress and egress
of the network.

It gets expensive in a hurry.  Now do you still need to wonder why some
networks have no firewall and no DMZ?

> > How 'bout
> > an even more esoteric question?  Why do the tier 1 providers (like
> > UUNET) allow traffic on port 1434???
> because there is no reason to block it.

Really?  Well people here are talking about suing the "admins" who are
"too lazy" to patch.  How about if I sue the ISPs who don't block port
1434/UDP and consequently take down the Internet from all their single
users who were running SQL with no clue?

Wanna bet a lawyer will take that case some day?

-- 
Paul Schmehl (pauls () utdallas edu)
Adjunct Information Security Officer
The University of Texas at Dallas
http://www.utdallas.edu/~pauls/
AVIEN Founding Member

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
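The thread argues about who should have blocked 1434/UDP; whoever ends up responsible first needs to see which hosts are spraying it. The following is an added example, not part of the original message or of any tool the thread mentions: a small detector that reads constructed flow records and flags sources that send UDP/1434 datagrams to many distinct destinations within a short window, the pattern of a single compromised host fanning out. The log format, the sample records, the 10-second window and the five-destination threshold are all assumptions chosen for the example.

```python
"""Flag hosts emitting bursts of UDP/1434 traffic to many destinations.

Assumptions (not from the mailing-list thread): a constructed,
space-separated flow-log format, a 10-second sliding window and a
threshold of 5 distinct destinations.  Tune both for a real network.
"""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

SQL_RESOLUTION_PORT = 1434          # MS SQL Server Resolution Service, UDP
WINDOW = timedelta(seconds=10)      # assumed sliding window
MIN_DISTINCT_DSTS = 5               # assumed fan-out threshold


@dataclass(frozen=True)
class Flow:
    ts: datetime
    proto: str
    src: str
    dst: str
    dport: int


def parse_flow(line: str) -> Flow:
    """Parse one constructed flow line: '<iso-ts> <proto> <src> -> <dst>:<dport>'."""
    ts, proto, src, arrow, dest = line.split()
    if arrow != "->":
        raise ValueError(f"unexpected flow line: {line!r}")
    dst, dport = dest.rsplit(":", 1)
    return Flow(datetime.fromisoformat(ts), proto.lower(), src, dst, int(dport))


def find_udp1434_bursts(lines, window=WINDOW, min_dsts=MIN_DISTINCT_DSTS):
    """Return {src: peak_distinct_destinations} for every source that sent
    UDP/1434 datagrams to at least `min_dsts` distinct destinations inside
    some sliding `window`.  Sources below the threshold are omitted."""
    per_src = defaultdict(list)
    for line in lines:
        line = line.strip()
        if not line:
            continue
        flow = parse_flow(line)
        if flow.proto == "udp" and flow.dport == SQL_RESOLUTION_PORT:
            per_src[flow.src].append(flow)

    offenders = {}
    for src, flows in per_src.items():
        flows.sort(key=lambda f: f.ts)
        best, lo = 0, 0
        for hi in range(len(flows)):
            # slide the left edge until the window fits
            while flows[hi].ts - flows[lo].ts > window:
                lo += 1
            best = max(best, len({f.dst for f in flows[lo:hi + 1]}))
        if best >= min_dsts:
            offenders[src] = best
    return offenders


# Constructed sample: 10.0.0.7 fans out fast, 10.0.0.9 is ordinary SQL
# client traffic, 10.0.0.12 probes slowly enough to stay under the window.
SAMPLE_FLOWS = """
2003-01-25T05:30:00 udp 10.0.0.7 -> 192.0.2.10:1434
2003-01-25T05:30:00 udp 10.0.0.7 -> 192.0.2.11:1434
2003-01-25T05:30:01 udp 10.0.0.7 -> 198.51.100.5:1434
2003-01-25T05:30:01 udp 10.0.0.7 -> 198.51.100.6:1434
2003-01-25T05:30:02 udp 10.0.0.7 -> 203.0.113.3:1434
2003-01-25T05:30:02 udp 10.0.0.7 -> 203.0.113.4:1434
2003-01-25T05:30:03 tcp 10.0.0.9 -> 192.0.2.20:1433
2003-01-25T05:30:04 udp 10.0.0.9 -> 192.0.2.20:1434
2003-01-25T05:30:05 udp 10.0.0.9 -> 192.0.2.21:1434
2003-01-25T05:30:00 udp 10.0.0.12 -> 192.0.2.30:1434
2003-01-25T05:30:20 udp 10.0.0.12 -> 192.0.2.31:1434
2003-01-25T05:30:40 udp 10.0.0.12 -> 192.0.2.32:1434
2003-01-25T05:31:00 udp 10.0.0.12 -> 192.0.2.33:1434
2003-01-25T05:31:20 udp 10.0.0.12 -> 192.0.2.34:1434
"""


def analyze_sample():
    """Run the detector over the constructed sample."""
    return find_udp1434_bursts(SAMPLE_FLOWS.splitlines())


if __name__ == "__main__":
    for src, count in analyze_sample().items():
        print(f"{src}: {count} distinct UDP/1434 destinations within {WINDOW}")
```

The detector keys on fan-out rather than raw packet count, so a legitimate client talking to one or two SQL servers is never flagged; the slow prober in the sample shows the trade-off of a short window, which a real deployment would pair with a second, longer-window rule.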

