Robert Graham's SQL Slammer analysis (was Re: [linux-elitists] MS SQL WORM IS DESTROYING INTERNET BLOCK PORT 1434!)

Larry M. Augustin lma@lmaugustin.com
Fri Jan 31 18:14:47 PST 2003


> Quoting Karsten M. Self (kmself@ix.netcom.com):
> 
> > Makes many of the same points as I do.  Though he doesn't address the
> > "what if it happens on :80, :22, :25" problem.

Port 80 is turning into a big problem.  I've had tis conversation with
several chief security officers.  Everyone is now building software that
pushes stuff through port 80, mostly because that port is generally open.
i.e. opening up a port has become such a big deal that everyone wants to use
port 80.  But with multiple services now being offered through port 80, all
people have done is make ports useless, and make the problem harder by
hiding it under port 80.  When one of these applications makes any attempt
at security, they do something inside XML so you need an XML parser to
enforce security.  There are a lot of companies out there now trying to
build "port 80 firewalls" - boxes that parse everything going past port 80,
and attempt to do something intelligent, including add security.

It's strange to think that the practice of being judicious in locking down
ports has created an even worse problem because developers are now using
port 80 to go around the firewall.

Larry
 




More information about the linux-elitists mailing list