Maybe this is a silly question considering where I work, but is it common for huge banks to connect their ATMs to their data centers over the Internet? We certainly don't do that, and wouldn't even consider doing it, so I was surprised that BofA appears to be doing just that.
Then again, they probably have twenty times more ATMs than we do, so perhaps they have different issues to be considered. John >>> "Priscilla Oppenheimer" 1/27/03 11:24:42 AM >>> Good points. How much bandwidth goes to some of the remote ATMs? Probably very little. They probably got crunched by the huge number of UDP packets. Of course, better filtering would have prevented that. But there's no need to assume that BoA runs MS-SQL or to worry that private info was compromised, etc. DoS attacks usually have very little to do with privacy compromises. Not claiming to be a security expert, so just correct me if I'm way off base! :-) Prisiclla Amazing wrote: > > what's amazing are the assumptions that people are making--who > says tht BoA > servers or any BoA database were comprimised? who says they > are even > running MS-SQL? Read how the worm is spreading and you will > understand > that you dont have to be running anything that can be affected > by the worm. > my guess is that a company with LARGE blocks of routable > addresses and > probably very high speed connections to the Internet might have > bigger > problems with this worm which in effect becomes a denial of > service attack > on their edge devices even if they are filtering out udp 1494 > at the edge. > > take a look at the post by Ken and observe what is happening to > the CPU of > one of his router blades..... > > i definitely agree with your comment about the security con > artist > comparison the y2k consultants > > ""l0stbyte"" wrote in message > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > the "dumb butts" are allowing access to SQL from public > networks. how > > difficult is it to filter stuff out? SQL boxes should be on > private > > networks, no routes to public, second or third tier, etc. Y2K > all > > over... This time in security business. Bunch of con artists > claiming to > > be security experts. > > > > Cheers... > > > > P.S. There was a news clip that BofA networks were effected. > this is > scary. > > > > l0stbyte > > Symon Thurlow wrote: > > > Cheers, > > > > > > Symon > > > > > > -----Original Message----- > > > From: Priscilla Oppenheimer [mailto:[EMAIL PROTECTED]] > > > Sent: 26 January 2003 20:02 > > > To: [EMAIL PROTECTED] > > > Subject: UDP port 1434 [7:61891] > > > > > > > > > d tran wrote: > > > > > >>You wouldn't have to fight the udp 1434 problem had you > decided to > > >>scrap the shitty MS SQL server, running on crappy Windows > machine and > > >>replace it > > >>MySQL (freeware) or real commercial database products like > > >>Oracle, running on > > >>Linux platform. > > >>Enjoy fighting udp1434. LOL > > >>DT > > > > > > > > > I don't think that's true. He could have been a victim of > other people > > > running Windows SQL Server 2000. From what I understand > about the worm, > > > it not only repicated itself to other unpatched systems, > but it send > > > gazillions of packets to random IP addresses to port 1434. > Many ISPs and > > > companies were affected by it, not just the dumb butts who > don't patch > > > their systems. > > > > > > Here, we didn't seem to be affected by it, though. Maybe > because I > > > didn't check until Saturday afternoon? But no complaints > came in. > > > > > > Are others willing to share their experiences? It could be > a good > > > learning opportunity. > > > > > > Anyone have a link to a good technical document about the > worm? > > > > > > Thanks, > > > > > > Priscilla > > > ============================================= > > > > > > This email has been content filtered and > > > subject to spam filtering. If you consider > > > this email is unsolicited please forward > > > the email to [EMAIL PROTECTED] and > > > request that the sender's domain be > > > blocked from sending any further emails. > > > > > > ============================================= Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=61971&t=61891 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
