lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <9B66BBD37D5DD411B8CE00508B69700F033F2676@pborolocal.rnib.org.uk>
From: John.Airey at rnib.org.uk (John.Airey@...b.org.uk)
Subject: SQL Slammer - lessons learned

> -----Original Message-----
> From: Georgi Guninski [mailto:guninski@...inski.com]
> Sent: 09 February 2003 22:24
> To: Schmehl, Paul L
> Cc: full-disclosure@...ts.netsys.com
> Subject: Re: [Full-Disclosure] SQL Slammer - lessons learned
> 
> 
> Schmehl, Paul L wrote:
> ..snip...
> > Are you really willing to demand your "freedom" in the face of the
> > overwhelming odds that leaving those ports open will do 
> more harm than
> > good?
> > 
> 
> I am willing to demand my freedom.
> When I pay to an ISP for internet, I want to have all ports 
> in/out working.
> If I don't want something working, I filter it at *my* firewall.
> 
> When code red/nimbda hit some time ago on port 80, nobody 
> suggested blocking 
> port 80 for those II$, right? But when a worm hits on less 
> popular port, people 
> start attacking the symptoms, not the cause. Am I missing something?
> 
> Georgi Guninski
> http://www.guninski.com
> 
In the midst of all the opinions, what I had actually said was that part of
the problem is due to the way that ports are used.

Code Red/Nimda have fizzled out (probably still some infected machines out
there), since it is possible to block ports below 1024. Granted, you would
say that machines should be patched, however installing a machine from
scratch means that at some point it is vulnerable, even more so now that MS
is starting to insist that you use Windoze Update from the machine to update
rather than allowing administrators to download the update. I used to create
update CDs that would allow us to install these machines and patch them
without plugging them into the network, but now I can't. Thanks Bill...

This is not the case for higher ports. You will have problems if you block
these ports indiscriminately. 

- 
John Airey, BSc (Jt Hons), CNA, RHCE
Internet systems support officer, ITCSD, Royal National Institute of the
Blind,
Bakewell Road, Peterborough PE2 6XU,
Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 John.Airey@...b.org.uk 

Am I the only person in the UK who finds it strange that our Prime Minister
complains of Human Rights abuses around the world, yet wishes to opt out of
the European Convention of Human Rights?

- 

NOTICE: The information contained in this email and any attachments is 
confidential and may be legally privileged. If you are not the 
intended recipient you are hereby notified that you must not use, 
disclose, distribute, copy, print or rely on this email's content. If 
you are not the intended recipient, please notify the sender 
immediately and then delete the email and any attachments from your 
system.

RNIB has made strenuous efforts to ensure that emails and any 
attachments generated by its staff are free from viruses. However, it 
cannot accept any responsibility for any viruses which are 
transmitted. We therefore recommend you scan all attachments.

Please note that the statements and views expressed in this email 
and any attachments are those of the author and do not necessarily 
represent those of RNIB.

RNIB Registered Charity Number: 226227

Website: http://www.rnib.org.uk 

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ