Message-ID: <002401c2cb81$65be8680$c71121c2@sharpuk.co.uk>
From: DaveHowe at cmn.sharp-uk.co.uk (David Howe)
Subject: SQL Slammer - lessons learned
All good points - but missing the essential point that, even if the
internet ports were redivided into "server" at (say) 1-10240 and "user"
at 10241+ (like the current division at 1024) this worm would *still*
have spread like wildfire. The service exploited is a legitimate
service, so would be expected to run on a server port. Filtering would
allow you to block certain services at the expense of blocking anyone
being able to run those servers legitimately (which may be borderline
acceptable to filter dialup/home users and protect all those insecure
MSDE owners out there) but would still not have slowed the infection of
legitimate servers. The only place to close ports to inbound traffic is
at the server running that service in the first place.