[linux-elitists] Re: Robert Graham's SQL Slammer analysis (was Re: [linux-elitists] MS SQL WORM IS DESTROYING INTERNET BLOCK PORT 1434!)

Aaron Sherman ajs@ajs.com
Fri Jan 31 07:06:41 PST 2003


On Wed, 2003-01-29 at 21:36, Karsten M. Self wrote:

> Of course I find the definitive analysis *after* posting all of that.
> 
> *VERY* strongly recommended reading:
> 
>     Advisory:  SQL slammer
>     Robert Graham
>     http://www.robertgraham.com/journal/030126-sqlslammer.html
> 

As a friend of mine would say, oh my freakin' head! I did not realize
just how truly MS had porked the universe here! To quote from the
article:

        If 100% of SQL Server 2000 systems had been patched by system
        administrators, the situation would not have changed one bit. I
        probed port 1433/tcp on attacking hosts and got a lot more RSTs
        than SYNACKs. This means that most hosts were infected by MSDE,
        not MSSQL. MSDE is "Microsoft Database Embedded", and is
        embedded within desktop products like Visio, network
        infrastructure systems from companies like Cisco, and in server
        applications such as McAfee's virus manager. These aren't
        unusual: MSDE is being included in thousands of desktop,
        infrastructure, and server software packages.

Am I the only one that reads that and thinks, "MS needs to be sued over
this one"? I mean, come on! They embedded a product that opens a port to
other than the local machine with no warning to the user whatsoever!
This is the kind of shit that the Gnome folks got kicked around for, and
they were rightly chagrined over (and fixed asap). MS has been shipping
this how long? Application vendors have been silent about it how long?

McAfee's Virus manager, for Pete's sake! The virus manager was
listening on a random port for database queries from mind-control
lasers!

That's just sick. About 20 minutes ago I was against using MS software
in production environments, but semi-ok with it for desktop use.

To quote Babylon 5, "nothing's the same anymore."

-- 
Aaron Sherman <ajs@ajs.com>
This message (c) 2003 by Aaron Sherman,
and granted to the Public Domain in 2023.
Fight the DMCA and copyright extension!
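Added example, not from this post or from Robert Graham's article: a small Python check for the condition the post objects to, a SQL Server/MSDE socket (1433/tcp or the 1434/udp resolution port the worm used) bound to a non-loopback address. It parses constructed Windows `netstat -an` style lines; the sample output is made up, and the port set is an assumption taken from the ports named on this page.

```python
"""Flag SQL Server / MSDE listeners reachable from off-box.

Constructed example: parses Windows `netstat -an` style output and reports
any TCP/1433 or UDP/1434 socket bound to a non-loopback address, i.e. a
database port that is open "to other than the local machine".
"""
import re

# Ports discussed on the page: 1433/tcp (SQL Server) and 1434/udp (the
# port the post's subject line says to block).
SQL_PORTS = {("TCP", 1433), ("UDP", 1434)}

# Constructed sample in Windows `netstat -an` layout (not real data).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:1433           0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1433         0.0.0.0:0              LISTENING
  UDP    0.0.0.0:1434           *:*
  UDP    127.0.0.1:1434         *:*
"""

# proto, local addr, local port, foreign addr, optional state
LINE_RE = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+\S+(?:\s+(\S+))?\s*$")


def is_loopback(addr):
    """True for IPv4/IPv6 loopback addresses as netstat prints them."""
    return addr.startswith("127.") or addr in ("::1", "[::1]")


def exposed_sql_listeners(netstat_text):
    """Return (proto, addr, port) for SQL ports bound off-loopback."""
    hits = []
    for line in netstat_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # header or unrelated line
        proto, addr, port, state = m.group(1), m.group(2), int(m.group(3)), m.group(4)
        if (proto, port) not in SQL_PORTS:
            continue
        if proto == "TCP" and state != "LISTENING":
            continue  # only listening TCP sockets accept new connections
        if is_loopback(addr):
            continue  # local-only binding is the acceptable case
        hits.append((proto, addr, port))
    return hits


if __name__ == "__main__":
    for proto, addr, port in exposed_sql_listeners(SAMPLE_NETSTAT):
        print(f"exposed: {proto} {addr}:{port}")
```

On a real host, feed it the output of `netstat -an` instead of the constructed sample; a hit on an interface address is the case the post describes, an embedded MSDE reachable from the network.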