[linux-elitists] Re: Robert Graham's SQL Slammer analysis (was Re: [linux-elitists] MS SQL WORM IS DESTROYING INTERNET BLOCK PORT 1434!)
Fri Jan 31 07:06:41 PST 2003
On Wed, 2003-01-29 at 21:36, Karsten M. Self wrote:
> Of course I find the definitive analysis *after* posting all of that.
> *VERY* strongly recommended reading:
> Advisory: SQL slammer
> Robert Graham
As a friend of mine would say, oh my freakin' head! I did not realize
just how truly MS had porked the universe here! To quote from the
    If 100% of SQL Server 2000 systems had been patched by system
    administrators, the situation would not have changed one bit. I
    probed port 1433/tcp on attacking hosts and got a lot more RSTs
    than SYNACKs. This means that most hosts were infected by MSDE,
    not MSSQL. MSDE is "Microsoft Database Embedded", and is
    embedded within desktop products like Visio, network
    infrastructure systems from companies like Cisco, and in server
    applications such as McAfee's virus manager. These aren't
    unusual: MSDE is being included in thousands of desktop,
    infrastructure, and server software packages.
Am I the only one that reads that and thinks, "MS needs to be sued over
this one"? I mean, come on! They embedded a product that opens a port to
other than the local machine with no warning to the user whatsoever!
This is the kind of shit that the Gnome folks got kicked around for, and
they were rightly chagrined over (and fixed asap). MS has been shipping
this how long? Application vendors have been silent about it how long?
McAfee's virus manager, for Pete's sake! The virus manager was
listening on a random port for database queries from mind-control
That's just sick. About 20 minutes ago I was against using MS software
in production environments, but semi-ok with it for desktop use.
To quote Babylon 5, "nothing's the same anymore."
Aaron Sherman <firstname.lastname@example.org>
This message (c) 2003 by Aaron Sherman,
and granted to the Public Domain in 2023.
Fight the DMCA and copyright extension!
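The check Graham describes in the quoted advisory (take the hosts seen hitting 1434/udp, connect to 1433/tcp on each, and read RST versus SYN/ACK as "MSDE only" versus "full SQL Server TCP listener") as a small triage script. This is an added example, not code from the post, the list, or Graham's advisory. The firewall log lines, the IP addresses, and the fake probe results are constructed for the example; the classifier takes the probe as a parameter so it can be run offline, and the real `probe_1433` is only used when you pass it in yourself.

```python
"""Slammer source triage: embedded MSDE or a full SQL Server TCP listener?

Added example (not from the linux-elitists post or Robert Graham's advisory).
Reproduces the advisory's check: for each host that sent traffic to 1434/udp,
attempt a TCP connect to 1433. A completed handshake (SYN/ACK) means a SQL
Server TCP listener; a refusal (RST) means the host is up with nothing on
1433/tcp, which is consistent with a bare MSDE install.

Assumptions (constructed for this example): the iptables-style log format
below and the fake probe table are invented; real probing uses probe_1433.
"""
import errno
import re
import socket
from collections import Counter
from typing import Callable, Dict, Iterable, List

# Constructed sample firewall log (not real data): three sources hitting 1434/udp,
# one unrelated TCP drop, one source seen twice.
SAMPLE_LOG = """\
Jan 25 05:31:02 fw kernel: DROP IN=eth0 SRC=203.0.113.7 DST=198.51.100.2 PROTO=UDP SPT=1052 DPT=1434 LEN=404
Jan 25 05:31:02 fw kernel: DROP IN=eth0 SRC=203.0.113.9 DST=198.51.100.2 PROTO=UDP SPT=3221 DPT=1434 LEN=404
Jan 25 05:31:03 fw kernel: DROP IN=eth0 SRC=203.0.113.7 DST=198.51.100.3 PROTO=UDP SPT=1052 DPT=1434 LEN=404
Jan 25 05:31:03 fw kernel: DROP IN=eth0 SRC=192.0.2.44 DST=198.51.100.2 PROTO=TCP SPT=4455 DPT=22 LEN=60
Jan 25 05:31:04 fw kernel: DROP IN=eth0 SRC=203.0.113.21 DST=198.51.100.2 PROTO=UDP SPT=1899 DPT=1434 LEN=404
"""

# Match only UDP datagrams to 1434 (the SQL Server resolution service Slammer targets).
SLAMMER_LINE = re.compile(r"SRC=(?P<src>\d+\.\d+\.\d+\.\d+) .*PROTO=UDP .*DPT=1434\b")


def attacking_hosts(log_text: str) -> List[str]:
    """Unique source IPs that sent UDP to port 1434, in first-seen order."""
    seen: Dict[str, None] = {}
    for line in log_text.splitlines():
        m = SLAMMER_LINE.search(line)
        if m:
            seen.setdefault(m.group("src"), None)
    return list(seen)


def probe_1433(host: str, timeout: float = 3.0) -> str:
    """Real probe of 1433/tcp: 'synack', 'rst' or 'filtered'. Not used by the offline run."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        rc = s.connect_ex((host, 1433))
    except OSError:
        return "filtered"          # timeout, unreachable, resolution failure: no conclusion
    finally:
        s.close()
    if rc == 0:
        return "synack"            # handshake completed: a SQL Server TCP listener
    if rc == errno.ECONNREFUSED:
        return "rst"               # host up, nothing on 1433/tcp: consistent with MSDE only
    return "filtered"


VERDICT = {"synack": "mssql-listener", "rst": "msde-likely", "filtered": "unknown"}


def classify(hosts: Iterable[str], probe: Callable[[str], str]) -> Dict[str, str]:
    """Map each attacking host to a verdict derived from its 1433/tcp probe result."""
    return {h: VERDICT[probe(h)] for h in hosts}


def summarize(results: Dict[str, str]) -> Counter:
    """Count verdicts; the advisory's point is that 'msde-likely' dominates."""
    return Counter(results.values())


def fake_probe(host: str) -> str:
    """Constructed probe results so the example runs without network access."""
    table = {"203.0.113.7": "rst", "203.0.113.9": "synack", "203.0.113.21": "rst"}
    return table.get(host, "filtered")


if __name__ == "__main__":
    hosts = attacking_hosts(SAMPLE_LOG)
    results = classify(hosts, fake_probe)
    for host, verdict in results.items():
        print(f"{host:16} {verdict}")
    print(summarize(results))
```

To run it for real, pass `probe_1433` instead of `fake_probe`, and only against hosts you are authorised to probe; a connect to 1433 on someone else's machine is a scan. The script deliberately does not send anything to 1434/udp: the resolution service was the infection vector, and a probe there would be indistinguishable from the worm's own traffic to anyone watching.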