Robert Graham's SQL Slammer analysis (was Re: [linux-elitists] MS SQL WORM IS DESTROYING INTERNET BLOCK PORT 1434!)
Wed Jan 29 19:18:01 PST 2003
Quoting Karsten M. Self (email@example.com):
> Makes many of the same points as I do. Though he doesn't address the
> "what if it happens on :80, :22, :25" problem.
But we on Unix have been contemplating, and contending with, the latter
problem for the last couple of decades. (RTFM about RTM, good sir.)
The difference is that, in our community, we've never consider unattended
vulnerabilities and compromises to be Someone Else's Problem. If we
learn that someone _failed to notice_ (and correct) his system suddenly
putting its ethernet ports in promiscuous mode and attacking everyone
else, we tend to tell him, in a friendly but firm fashion, "You screwed
up. Would you like some help in learning ways to not screw up in the
I personally think it'd be salubrious if backbone ISPs, instead of
switching off port-transport on account of the packet storm du jour,
would just send 440V three-phase back down the compromised-and-attacking
systems' ethernet ports. Maybe give 'em an hour's grace time, to notice
and correct their problems.
Cheers, We write precisely We say exactly
Rick Moen Since such is our habit in How to do a thing or how
firstname.lastname@example.org Talking to machines; Every detail works.
Excerpt from Prof. Touretzky's decss-haiku.txt @ http://www.cs.cmu.edu/~dst/
More information about the linux-elitists