RE: [logs] Re: Reliably detecting things like the SQL worm....

From: Rainer Gerhards (rgerhardsat_private)
Date: Tue Jan 28 2003 - 05:53:46 PST


    > 
    > Unfortunately, 1434 is a perfectly valid "ephemeral" port.  
    > Would you like, for instance, random DNS failures?
    
    I think it depends. Outgoing 1434 traffic is fine for a DNS server (and
    some other UDP based services like streaming). However, it should be
    blocked on a SQL server. If both of them are on the same machine you are out
    of luck, though...
    
    Rainer
    _______________________________________________
    LogAnalysis mailing list
    LogAnalysisat_private
    http://lists.shmoo.com/mailman/listinfo/loganalysis
    


