Home page logo

nanog logo nanog mailing list archives

Re: [Re: M$SQL cleanup incentives]
From: Joshua Smith <joshua.ej.smith () usa net>
Date: Thu, 20 Feb 2003 16:30:44 -0500

Iljitsch van Beijnum <iljitsch () muada com> wrote:

On Thu, 20 Feb 2003, William Allen Simpson wrote:

Worse, it only takes 1 infected host to re-infect the entire net in
about 10 minutes.  So, the entire 'net has to cooperate, or we'll see
continual re-infection.

Only if people didn't fix their servers. And if they didn't, this
"reverse" denial of service attack is a good reminder.

what was that one worm from a year or two ago that was eliminated from the
net, oh yeah, code red......if they didn't fix themselves the first round,
what makes you think they will fix it the second time, or the third...

Unfortunately, this is a cost that prevents pain to others, rather
than self-inflicted pain.  Another pollution of the commons issue.

Seems to me that filtering is no longer necessary unless you have reason
to believe your customers are going to install new vulnerable boxes or
vulnerable software on existing boxes AND their pipe to you is so big
the excess traffic is going to hurt you more than them.

the reason is that ms sql and msde are vulnerable out of the box, and 
since ms is such a popular o/s, you can be reasonably certain that new
vulnerable boxes are installed everyday.  and while a vulnerable box on a
small pipe may slow the initial growth, how long would it take to find
another vulnerable box on a big pipe?

i still get 8K plus hits against my acls per day for udp/1434...(75 in the
time it took to write this email)


"Walk with me through the Universe,
 And along the way see how all of us are Connected.
 Feast the eyes of your Soul,
 On the Love that abounds.
 In all places at once, seemingly endless,
 Like your own existence."
     - Stephen Hawking -

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]