From: DaveHowe at cmn.sharp-uk.co.uk (David Howe)
Subject: SQL Slammer - lessons learned

at Monday, February 03, 2003 2:50 PM, John.Airey@...b.org.uk
<John.Airey@...b.org.uk> was seen to say:
> I think you misunderstood what I was getting at. By separating
> services from dynamic ports, the average PC doesn't need to be
> patched as often against worms like SQL Slammer (particularly as the
> MSDE code seems to be so endemic). Should there be a legitimate need
> to open those ports to the outside world, you can request this via
> your ISP as you would do with the "Well Known" ports at the moment.
Most ISPs seem to have no problems with the Well Known ports being open
inbound (unless they are explicitly banning servers, including p2p and
game servers). To have to individually control open and closed ports for
dialup, cable or DSL users would be a major nightmare - not to mention a
massively customerbase-reducing move.

> Nearly everything we believe is second hand. For example, less than
> 500 people have seen the Earth from space, yet the majority of people
> believe it is round (OK pedants, an oblate sphere).
Proof by induction? A huge number of people have travelled far enough
from home that "noon" is noticeably offset from home time, and called
home by telephone.

