""l0stbyte"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > the "dumb butts" are allowing access to SQL from public networks. how > difficult is it to filter stuff out? SQL boxes should be on private > networks, no routes to public, second or third tier, etc. Y2K all > over... This time in security business. Bunch of con artists claiming to > be security experts.
some more detailed information may be found at http://www.techie.hopto.org/sqlworm.html Ken D's post is an interesting read as well. One means of stopping this kind of stuff is to filter at the edges everything except for those specific ports and services which are required and in use. unfortunately, due to the nature of TCP/UDP, and the lack of any hard requirements for vendors to register their port numbers, it can be difficult to identify what exactly is required in any business situation. > > Cheers... > > P.S. There was a news clip that BofA networks were effected. this is scary. there is a thread about this very topic on NANOG as well. http://www.merit.edu/mail.archives/nanog/msg06789.html titled "Banc of America" worth applying some logical though here. BOA's ATM network is effected by internet outages? Bright idea? or disinformation on the part of BOA? > > l0stbyte > Symon Thurlow wrote: > > Cheers, > > > > Symon > > > > -----Original Message----- > > From: Priscilla Oppenheimer [mailto:[EMAIL PROTECTED]] > > Sent: 26 January 2003 20:02 > > To: [EMAIL PROTECTED] > > Subject: UDP port 1434 [7:61891] > > > > > > d tran wrote: > > > >>You wouldn't have to fight the udp 1434 problem had you decided to > >>scrap the shitty MS SQL server, running on crappy Windows machine and > >>replace it > >>MySQL (freeware) or real commercial database products like > >>Oracle, running on > >>Linux platform. > >>Enjoy fighting udp1434. LOL > >>DT > > > > > > I don't think that's true. He could have been a victim of other people > > running Windows SQL Server 2000. From what I understand about the worm, > > it not only repicated itself to other unpatched systems, but it send > > gazillions of packets to random IP addresses to port 1434. Many ISPs and > > companies were affected by it, not just the dumb butts who don't patch > > their systems. > > > > Here, we didn't seem to be affected by it, though. Maybe because I > > didn't check until Saturday afternoon? But no complaints came in. > > > > Are others willing to share their experiences? It could be a good > > learning opportunity. > > > > Anyone have a link to a good technical document about the worm? > > > > Thanks, > > > > Priscilla > > ============================================= > > > > This email has been content filtered and > > subject to spam filtering. If you consider > > this email is unsolicited please forward > > the email to [EMAIL PROTECTED] and > > request that the sender's domain be > > blocked from sending any further emails. > > > > ============================================= Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=61932&t=61891 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
