-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> I would like to know from people what was the initial vector that let
> the worm in.

Honestly, I did not see much penetration of Slammer at all. All my customers are filtering at their border firewalls on inbound UDPs. Those that were sitting outside of the firewall had a host-firewall that blocked those ports as well and limited any SQL Server discussions with trusted machines.

Slammer was unique in its delivery (single UDP datagram), but it was a lot more annoying than dangerous. I think a few high profile places, like Bank of America, got it bad, but most everybody else did okay.

Moreover, I agree with you, Zot, that SQL Server is a fairly rare port to see exposed publicly. The audit work we have done mirrors that same result. I see more really dumb stuff, like exposed NetBIOS, than I see SQL.

I think Slammer is just another reminder to IT groups to practice basic, but reliable security measures. A good firewall policy and regular system patching could have prevented any infection from Slammer.

_____________________________________
Andrew Plato, CISSP
President / Principal Consultant
Anitian Corporation

(503) 644-5656 office
(503) 201-0821 cell
http://www.anitian.com
_____________________________________

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (MingW32) - WinPT 0.5.13
Comment: For info see http://www.gnupg.org

iEYEARECAAYFAj47QnYACgkQRFTPAXEeGWkVvQCeL0Rl16p+CUvwIqCnKChN3UAj
3swAn1VL+PH/On0efqSoRiZdOWkPdG/l=Su9l
-----END PGP SIGNATURE-----
This archive was generated by hypermail 2b30 : Fri Jan 31 2003 - 20:41:22 PST