Open Source and information security mailing list archives
From: DaveHowe at cmn.sharp-uk.co.uk (David Howe)
Subject: SQL Slammer - lessons learned

All good points - but missing the essential point that, even if the internet ports were redivided into "server" at (say) 1-10240 and "user" at 10241+ (like the current division at 1024), this worm would *still* have spread like wildfire. The service exploited is a legitimate service, so would be expected to run on a server port. Filtering would allow you to block certain services at the expense of blocking anyone being able to run those servers legitimately (which may be borderline acceptable to filter dialup/home users and protect all those insecure MSDE owners out there) but would still not have slowed the infection of legitimate servers; the only place to close ports to inbound traffic is at the server running that service in the first place.