[linux-elitists] MS SQL WORM IS DESTROYING INTERNET BLOCK PORT 1434!

Karsten M. Self kmself@ix.netcom.com
Wed Jan 29 21:09:45 PST 2003


on Wed, Jan 29, 2003 at 09:56:13PM -0500, Andrew (akohlsmith-le@benshaw.com) wrote:
> > I'm positing the latter.  I know that there are roughly 400m-500m PCs in
> > existence.  Presume somewhat more than half of those are Win(3x|9x|ME)
> > systems.  That would put a 10-20% marketshare for Win2K server at
> > between 5 and 10m units.  Hard data are hard to find -- Microsoft is
> > very fond of talking in percent growth, rather than units, and desktop
> > and server products are confounded.  Stories in the Jan-Mar 2000 period
> > cite 1m units/mo (not distinguishing server and desktop).  Apparently 1m
> > server units were shipped by  Feb 9, 2001.
> 
> I wasn't questioning the number you pulled from /dev/ass (I'll have to 
> remember that particular device, it sounds handy) -- I was questioning how 
> many of those 10 million units had SQL Server 2000 on them.
> 
> > If you read the link posted, you'll find a list of 18 products, (lord
> > forgive me for yelling) NOT INCLUDING MS SQL SERVER include the MSDE.
> 
> You're wrong.  Number 8 (subitem 1 through three, sub-sub items one through 
> three) is SQL Server 2000.

As the unix-haters password prompt says, "close enough".

Robert Graham's analysis, posted separately, suggests that desktop
rather than server systems were principally involved in the propagation
of this attack.  These likely outnumber W2KS installs by a factor of two
to four, and as the list notes, several desktop products would have
installed the MSDE.  Which dials us in a bit further.


> I think I have made my point as to your gross overestimation of the
> number of susceptible SQL Server 2000 (or MSDE portions thereof)
> installations.  I know that this is kind of anti-elitist but I would
> rather deal with more realistic numbers.

I'll take your correction as noted, but mooted.

The correction is *appreciated*.  I don't get anywhere by insisting on
being wrong.


> > Well, we know for a fact that the baseline count is the 16k systems
> > Dartmouth logged.
> 
> Agreed.  But is that 16k/10M, or 16k/250k?  That's all I was asking.

Looks like it's 150k - 200k of some fraction of 20-40m.  Let's split the
difference and call it 50%, so 50% of 30m = 15m boxes.  Which is about
where we started.

<...>



> While I would love to say that Microsoft products are this terrible
> and that even if 99% of the admins out there *do* know what they're
> doing the results can be this horrific, I don't think that's
> accurate.  I also believe that taking a stand with numbers like that
> and getting caught grossly underestimating the quality of Microsoft's
> software, while in fashion right now, isn't very professional.

That wasn't my aim.  I'm satisfied that the numbers work out about where
I'd put them originally, though this comes by adding in the Win2K
desktop market.  Graham largely supports my conclusion:  patching isn't
effective against this kind of threat.

Peace.

-- 
Karsten M. Self <kmself@ix.netcom.com>        http://kmself.home.netcom.com/
 What Part of "Gestalt" don't you understand?
   KQED FM:  The bright spot on the dial:  http://www.kqed.org/fm/