Robert Graham's SQL Slammer analysis (was Re: [linux-elitists] MS SQL WORM IS DESTROYING INTERNET BLOCK PORT 1434!)

Karsten M. Self
Wed Jan 29 18:36:40 PST 2003

on Wed, Jan 29, 2003 at 11:17:57PM +0000, Karsten M. Self wrote:
> on Sat, Jan 25, 2003 at 01:26:39PM -0800, Don Marti wrote:
> > begin Michael Bacarella quotation of Sat, Jan 25, 2003 at 02:11:41AM -0500:
> > 
> > > All admins with access to routers should block port 1434 (ms-sql-m)!
> > 
> > Anybody who has _any_ relational database server directly connected
> > to the Internet please save some of whatever you're smoking for me.
> A few further points on this issue.
> Looking over the BUGTRAQ and NANOG lists, a few trends start to emerge.
> Apologies if this is fundamental knowledge -- if I'm duplicating
> well-known summaries, please post links as followup as I'm unaware of
> them.

Of course I find the definitive analysis *after* posting all of that.

*VERY* strongly recommended reading:

    Advisory:  SQL slammer
    Robert Graham

Makes many of the same points as I do.  Though he doesn't address the
"what if it happens on :80, :22, :25" problem.


Karsten M. Self
 What Part of "Gestalt" don't you understand?
   NPR:  Radio for between the ears:
