lists.openwall.net   lists  /  announce  john-users  owl-users  popa3d-users  /  xvendor  oss-security  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4 
Open Source and information security mailing list archives
 
This website is powered by Openwall GNU/*/Linux security-enhanced OS
[<prev] [next>] [<thread-prev] [month] [year] [list] 
From: DaveHowe at cmn.sharp-uk.co.uk (David Howe)
Subject: SQL Slammer - lessons learned

All good points - but missing the essential point that, even if the
internet ports were redivided into "server" at (say) 1-10240 and "user"
at 10241+ (like the current division at 1024) this worm would *still*
have spread like wildfire. the service exploited is a legitimate
service, so would be expected to run on a server port. Filtering would
allow you to block certain services at the expense of blocking anyone
being able to run those servers legitimately ( which may be borderline
acceptable to filter dialup/home users and protect all those insecure
MSDE owners out there) but would still not have slowed the infection of
legitimate servers; The only place to close ports to inbound traffic is
at the server running that service in the first place.

Hosted by DataForce ISP - Powered by Openwall GNU/*/Linux