Hi all,

I have written a short analysis of why we think the SQL Slammer worm was so successful and what to learn from it. I am not looking at the actual worm code or explaining how it worked - enough of that material has already been published and it is excellent. My paper focuses on the "breeding bed" of the worm. I do so in the hope that we can learn enough to prevent further attacks of this kind. In fact, I fear the next ones are just around the corner - and SQL Slammer has raised some questions that I find are tough to answer with the current state of technology AND user education.

In posting this paper, I hope to gather more feedback and insight from the community. I also hope that others point out more learnings we can take from it. As such, please deem the paper incomplete and me eager to complete it with all the feedback I can receive...

I would also like to add a section on forensics in this situation, but I do not have any useful samples as of now. I am looking for responses to tbird's and my questions in this regard ;-)

The paper can be found at: http://www.adiscon.com/Common/en/Articles/SQLSlammer-Learnings.asp

With the hope that traffic has come back to normal volume,

Rainer Gerhards
Adiscon

_______________________________________________
LogAnalysis mailing list
LogAnalysisat_private
http://lists.shmoo.com/mailman/listinfo/loganalysis
This archive was generated by hypermail 2b30 : Mon Jan 27 2003 - 10:10:53 PST