RE: [logs] Re: Reliably detecting things like the SQL worm....

From: H C (keydet89at_private)
Date: Tue Jan 28 2003 - 07:20:51 PST

  • Next message: Alexandre Dulaunoy: "[logs] OSSP l2 and Syslog logging"

    > > Unfortunately, 1434 is a perfectly valid
    > "ephemeral" port.  
    > > Would you like, for instance, random DNS failures?
    > I think it depends. Outgonig 1434 traffic is fine
    > for a DNS server (and
    > some other UDP based services like streaming).
    > However, it should be blocked on a SQL server. 
    UDP 1434 as an "ephemeral" port isn't an issue.  The
    traffic can be easily blocked by defining subnets.  
    > If both of them on the same
    > machine you are out of luck, though...
    You've got a point there.  When I was at Winstar,
    consultants had setup DNS on a firewall system...which
    was running an end-user version of Solaris.
    Do you Yahoo!?
    Yahoo! Mail Plus - Powerful. Affordable. Sign up now.
    LogAnalysis mailing list

    This archive was generated by hypermail 2b30 : Tue Jan 28 2003 - 09:39:06 PST