Robert Graham's SQL Slammer analysis (was Re: [linux-elitists] MS SQL WORM IS DESTROYING INTERNET BLOCK PORT 1434!)

Karsten M. Self kmself@ix.netcom.com
Wed Jan 29 18:36:40 PST 2003


on Wed, Jan 29, 2003 at 11:17:57PM +0000, Karsten M. Self (kmself@ix.netcom.com) wrote:
> on Sat, Jan 25, 2003 at 01:26:39PM -0800, Don Marti (dmarti@zgp.org) wrote:
> > begin Michael Bacarella quotation of Sat, Jan 25, 2003 at 02:11:41AM -0500:
> > 
> > > All admins with access to routers should block port 1434 (ms-sql-m)!
> > 
> > Anybody who has _any_ relational database server directly connected
> > to the Internet please save some of whatever you're smoking for me.
> 
> A few further points on this issue.
> 
> Looking over the BUGTRAQ and NANOG lists, a few trends start to emerge.
> 
> Apologies if this is fundamental knowledge -- if I'm duplicating
> well-known summaries, please post links as followup as I'm unaware of
> them.

Of course I find the definitive analysis *after* posting all of that.

*VERY* strongly recommended reading:

    Advisory:  SQL slammer
    Robert Graham
    http://www.robertgraham.com/journal/030126-sqlslammer.html


Makes many of the same points as I do.  Though he doesn't address the
"what if it happens on :80, :22, :25" problem.

Peace.

-- 
Karsten M. Self <kmself@ix.netcom.com>        http://kmself.home.netcom.com/
 What Part of "Gestalt" don't you understand?
   NPR:  Radio for between the ears:  http://www.npr.org/



More information about the linux-elitists mailing list