nanog mailing list archives
Re: What could have been done differently?
From: Scott Francis <darkuncle () darkuncle net>
Date: Wed, 29 Jan 2003 20:19:28 -0800
On Tue, Jan 28, 2003 at 11:13:19AM -0200, rkjnanog () ieg com br said: [snip]
But this worm required external access to an internal server (SQL Servers are not front-end ones); even with a bad or no patch management system, this simply wouldn't happen on a properly configured network. Whoever got slammered, has more problems than just this worm. Even with no firewall or screening router, use of RFC1918 private IP address on the SQL Server would have prevented this worm attack
Only if the worm's randomly-chosen IP addresses were picked from the valid IP space (i.e. not RFC1918 addresses), and although I am not sure, I doubt the worm's author(s) was that conscientious. Later, on Wed, Jan 29, 2003 at 19:01:25 -0500 (EST), <bdragon () gweep net> replied:
RFC1918 addresses would not have prevented this worm attack. RFC1918 != security
All too true. However, using NAT/packet filtering can at least prevent casual/automated network scans. Of course, if one was implementing proper filtering, 1434/udp wouldn't be accepting connections from outside sources, whether directly or through NAT/port forwarding. But then, this observation has been made many times already ... -- -= Scott Francis || darkuncle (at) darkuncle (dot) net =- GPG key CB33CCA7 has been revoked; I am now 5537F527 illum oportet crescere me autem minui
Attachment:
_bin
Description:
Current thread:
- Re: What could have been done differently?, (continued)
- Re: What could have been done differently? Andy Putnins (Jan 28)
- Re: What could have been done differently? Alex Bligh (Jan 28)
- Re: What could have been done differently? Mike Lewinski (Jan 28)
- Re: What could have been done differently? Andy Putnins (Jan 28)
- Re: What could have been done differently? E.B. Dreger (Jan 28)
- Re: What could have been done differently? E.B. Dreger (Jan 28)
- Re: What could have been done differently? Eliot Lear (Jan 28)
- Re: What could have been done differently? Rubens Kuhl Jr. (Jan 28)
- Re: What could have been done differently? Ted Fischer (Jan 28)
- Re: What could have been done differently? bdragon (Jan 29)
- Re: What could have been done differently? David Howe (Jan 30)
- Re: What could have been done differently? Scott Francis (Jan 29)
- Re: What could have been done differently? Leo Bicknell (Jan 28)
- RE: What could have been done differently? Eric Germann (Jan 28)
- Re: What could have been done differently? Jack Bates (Jan 28)
- RE: What could have been done differently? Eric Germann (Jan 28)
- Re: What could have been done differently? Scott Francis (Jan 28)
- Re: What could have been done differently? Valdis . Kletnieks (Jan 28)
- RE: What could have been done differently? Eric Germann (Jan 28)
- Re: What could have been done differently? Leo Bicknell (Jan 28)
- Re: What could have been done differently? Scott Francis (Jan 28)
- WANAL (Re: What could have been done differently?) Paul Vixie (Jan 28)
- OT: Re: WANAL (Re: What could have been done differently?) Rafi Sadowsky (Jan 28)