Security Incidents mailing list archives
Re: [despammed] RE: SQL Slammer doing the rounds again?
From: whiplash <whiplash () despammed com>
Date: Fri, 14 Nov 2003 00:51:04 +0100
Jim Harrison (ISA) wrote:
> Unfortunately, there are many folks who have queried the ISA newsgroups and other ISA lists about how (not why) to allow inbound SQL connections because many web designers haven't quite caught up to the idea that the Internet isn't the friendly little sandbox that they seem to believe it is.
And what did you answer, actually? The only answer I could give 'em would be "You must not". And if they really do need to have a "distributed web app", I'd answer "do use IPSEC in communications between web servers and application servers".
> Consequently, they deploy distributed web apps that expect to have direct access to a SQL server across whatever network they're installed in. This often leaves the network admins with one choice; open external access to the SQL server.
I'm a net admin: my answer to such a ridiculous request would be "go and learn how to work, Mr. Clueless Web Developer: I'll never leave a SQL server wide open on the Internet".
> While it's true that you can IP-restrict that traffic,
Wow: impressive, isn't it?
> there's also IP spoofing to contend with.
Come on: let's try to be serious. (I've never seen a worm trying blind spoofing attacks in modern times: have you?) The problem is the total lack of a real security culture among certain web application developers. The problem is that certain net admins say "Yup: sure" to what these developers ask them. The problem is the existence of very poor security-oriented architectures. You simply cannot consider a hypothetical blind-spoofing attack (have you ever tried blind spoofing against modern TCP/IP stacks, btw? <g>) as a real threat in such a scenario.