Security Incidents mailing list archives

RE: SQL Slammer doing the rounds again?


From: "David LeBlanc" <dleblanc () Exchange Microsoft com>
Date: Thu, 13 Nov 2003 15:32:25 -0800



-----Original Message-----
From: Harlan Carvey [mailto:keydet89 () yahoo com] 
Sent: Thursday, November 13, 2003 11:30 AM
To: incidents () securityfocus com
Subject: RE: SQL Slammer doing the rounds again?

While I fully agree w/ Jim's advice, one thing I'm
still curious about...since we first saw Slammer...is
this - Is there a valid business reason to expose UDP
1434 to the Internet?
--------------------------

IMHO, no. The purpose of the port running at all is to act as a
portmapper to tell you where to find alternate instances of SQL. So even
if you did ignore Jim's advice, the proper thing to do is to hard-code
the port that the instance you need is running into your connection
string. If you're hitting the default instance on port 1433 TCP, you
don't need 1434 UDP at all.

I think most people end up exposing it by mistake. I don't personally
know of a good reason to expose it to the internet. I agree with Jim
that the web app ought to be written not to make the SQL server directly
accessible - there are other, better ways to accomplish that.
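One way to check for this in practice, as an added example that is not part of the original thread: a small Python checker that parses SQL Server-style connection strings and flags the one case that relies on the UDP 1434 resolution service, a server specification that names an instance without giving a TCP port. The connection strings, host names and port numbers below are constructed for illustration.

```python
"""Flag SQL Server connection strings that depend on UDP 1434.

'Server=host\\INSTANCE' (no port) makes the client ask UDP 1434 on the
server where that instance listens. 'Server=host' alone goes to the default
instance on TCP 1433, and 'Server=host,port' or 'Server=host\\INSTANCE,port'
is resolved entirely client-side, so none of those needs UDP 1434 reachable.
"""
import re

# Constructed sample: connection strings as they might appear in app config files.
SAMPLE_CONN_STRINGS = [
    "Server=dbhost;Database=Orders;Integrated Security=SSPI",
    "Server=dbhost\\SQLEXPRESS;Database=Orders;User Id=app;Password=PLACEHOLDER",
    "Data Source=tcp:dbhost\\REPORTS,1533;Initial Catalog=Reports",
    "Data Source=dbhost,1433;Initial Catalog=Orders",
]

_PROTO_PREFIX = re.compile(r"^tcp:", re.I)


def parse_conn_string(conn):
    """Split 'key=value;key=value' into a dict with lower-cased keys."""
    parts = {}
    for item in conn.split(";"):
        if "=" in item:
            key, value = item.split("=", 1)
            parts[key.strip().lower()] = value.strip()
    return parts


def server_spec(parts):
    """Return the server specification under any of its common key names."""
    for key in ("server", "data source", "address", "addr", "network address"):
        if key in parts:
            return parts[key]
    return None


def needs_udp_1434(spec):
    """True when the spec names an instance (host\\INSTANCE) but gives no port."""
    host, _, port = _PROTO_PREFIX.sub("", spec).partition(",")
    return "\\" in host and port.strip() == ""


def pin_port(spec, port):
    """Rewrite the spec with an explicit TCP port so UDP 1434 is never consulted."""
    match = _PROTO_PREFIX.match(spec)
    prefix = match.group(0) if match else ""
    host = spec[len(prefix):].partition(",")[0]
    return f"{prefix}{host},{port}"


def audit(conn_strings):
    """Return the server specs that would need UDP 1434 open to the client."""
    findings = []
    for conn in conn_strings:
        spec = server_spec(parse_conn_string(conn))
        if spec is not None and needs_udp_1434(spec):
            findings.append(spec)
    return findings
```

Run `audit(SAMPLE_CONN_STRINGS)` to list the offending specs, then fix each with `pin_port(spec, port)` using the port the DBA assigned to that instance.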


