Robert Graham's SQL Slammer analysis (was Re: [linux-elitists] MS SQL WORM IS DESTROYING INTERNET BLOCK PORT 1434!)

Rick Moen rick@linuxmafia.com
Wed Jan 29 19:18:01 PST 2003


Quoting Karsten M. Self (kmself@ix.netcom.com):

> Makes many of the same points as I do.  Though he doesn't address the
> "what if it happens on :80, :22, :25" problem.

But we on Unix have been contemplating, and contending with, the latter
problem for the last couple of decades.  (RTFM about RTM, good sir.)

The difference is that, in our community, we've never considered unattended
vulnerabilities and compromises to be Someone Else's Problem.  If we
learn that someone _failed to notice_ (and correct) his system suddenly
putting its ethernet ports in promiscuous mode and attacking everyone
else, we tend to tell him, in a friendly but firm fashion, "You screwed
up.  Would you like some help in learning ways to not screw up in the
future?"

I personally think it'd be salubrious if backbone ISPs, instead of
switching off port-transport on account of the packet storm du jour,
would just send 440V three-phase back down the compromised-and-attacking 
systems' ethernet ports.  Maybe give 'em an hour's grace time, to notice
and correct their problems.

-- 
Cheers,             We write precisely            We say exactly
Rick Moen           Since such is our habit in    How to do a thing or how
rick@linuxmafia.com Talking to machines;          Every detail works.
Excerpt from Prof. Touretzky's decss-haiku.txt @ http://www.cs.cmu.edu/~dst/


