Robert Graham's SQL Slammer analysis (was Re: [linux-elitists] MS SQL WORM IS DESTROYING INTERNET BLOCK PORT 1434!)

Rick Moen
Fri Jan 31 22:59:15 PST 2003

Quoting Larry M. Augustin (

> Port 80 is turning into a big problem.  I've had tis conversation with
> several chief security officers.  Everyone is now building software
> that pushes stuff through port 80, mostly because that port is
> generally open.  i.e. opening up a port has become such a big deal
> that everyone wants to use port 80.  But with multiple services now
> being offered through port 80, all people have done is make ports
> useless, and make the problem harder by hiding it under port 80.

This is why I lean towards the viewpoint articulated by (I believe) Nick
Moffitt:  Just don't expose to the network services whose security
you don't have reasonable confidence in.  "Locking down ports" becomes
superfluous:  A service is either reachable and thus presumed a
potential point of remote attack, or not accessible remotely at all.

When I run database engines, they _don't_ (a la MSDE) default to being
network-reachable from anywhere but localhost.  The only network-reachable 
daemons I run are ones I'm willing to stay on top of.  Border filtering,
you guys say?  Why should my host trust _even_ nearby machines and the
local LAN?  

Yes, I know that defence in depth from border filtering is theoretically 
beneficial, but there's a reason all of those people are driven to use
things like httptunnel to get traffic past brainless firewall policies.
Better off without it, on the whole.

Cheers,           "I don't like country music, but I don't mean to denigrate
Rick Moen         those who do.  And, for the people who like country music,         denigrate means 'put down'."      -- Bob Newhart

More information about the linux-elitists mailing list