Robert Graham's SQL Slammer analysis (was Re: [linux-elitists] MS SQL WORM IS DESTROYING INTERNET BLOCK PORT 1434!)
Karsten M. Self
Wed Jan 29 18:36:40 PST 2003
on Wed, Jan 29, 2003 at 11:17:57PM +0000, Karsten M. Self (email@example.com) wrote:
> on Sat, Jan 25, 2003 at 01:26:39PM -0800, Don Marti (firstname.lastname@example.org) wrote:
> > begin Michael Bacarella quotation of Sat, Jan 25, 2003 at 02:11:41AM -0500:
> > > All admins with access to routers should block port 1434 (ms-sql-m)!
> > Anybody who has _any_ relational database server directly connected
> > to the Internet please save some of whatever you're smoking for me.
> A few further points on this issue.
> Looking over the BUGTRAQ and NANOG lists, a few trends start to emerge.
> Apologies if this is fundamental knowledge -- if I'm duplicating
> well-known summaries, please post links as followup as I'm unaware of
Of course I find the definitive analysis *after* posting all of that.
*VERY* strongly recommended reading:
Advisory: SQL slammer
Makes many of the same points as I do. Though he doesn't address the
"what if it happens on :80, :22, :25" problem.
Karsten M. Self <email@example.com> http://kmself.home.netcom.com/
What Part of "Gestalt" don't you understand?
NPR: Radio for between the ears: http://www.npr.org/