lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <002401c2cb81$65be8680$c71121c2@sharpuk.co.uk>
From: DaveHowe at cmn.sharp-uk.co.uk (David Howe)
Subject: SQL Slammer - lessons learned

All good points - but missing the essential point that, even if the
internet ports were redivided into "server" at (say) 1-10240 and "user"
at 10241+ (like the current division at 1024) this worm would *still*
have spread like wildfire. the service exploited is a legitimate
service, so would be expected to run on a server port. Filtering would
allow you to block certain services at the expense of blocking anyone
being able to run those servers legitimately ( which may be borderline
acceptable to filter dialup/home users and protect all those insecure
MSDE owners out there) but would still not have slowed the infection of
legitimate servers; The only place to close ports to inbound traffic is
at the server running that service in the first place.


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ