RE: firewall design (was: RE: [fw-wiz] terminal services )

From: m p (sumirati@yahoo.de)
Date: 01/29/03 

From: m p <sumirati@yahoo.de>
To: "R. DuFresne" <dufresne@sysinfo.com>
Date: Wed Jan 29 09:11:09 2003

 --- "R. DuFresne" <dufresne@sysinfo.com> schrieb:
> On Tue, 28 Jan 2003, Noonan, Wesley wrote:
>
> [SNIP]
>
> >
> > I actually disagree here. The issue with slammer/sapphire is precisely that
> > people didn't patch their machines. Let's review some of the recent
> history.
>
>
> didn't patch their machines and didn;'t heed all the information available
> the last time M$-SQL was hit. Other discussions in various lists the past
> few days have folks claiming they had no prior warning that port 1434 was
> a point of caution deserving incomong and outgoing blocks.

Anyone who designs a firewall should block all traffic - and build up then a
list of "good" traffic.

Anyone not doing this should not say to much about "I didn't knew it." It shows
that he/she/it does not know enough to do his/her job right.

If they had Microsoft SQL Server running and didn't know the port it opens -
well as I said before - if they don't have a clue, they are working in the
wrong buisness.

Just my 2 euro-cent.

Marc

__________________________________________________________________

Gesendet von Yahoo! Mail - http://mail.yahoo.de
Bis zu 100 MB Speicher bei http://premiummail.yahoo.de

Relevant Pages

  • Re: TCP 3389 and Remote Desktop
    ... conflict using a Linksys wireless router for a peer to peer network ... provided instructions for changing the remote port using RegEdit, ... firewall you utilize on said computer *and* have Remote Desktop turned on ... One method of accessing several machines behind a single router is to change ...
    (microsoft.public.windowsxp.work_remotely)
  • Re: ** Sobig.F attack expected 3:00pm to 6:00pm EST today [Friday 22]
    ... > The worm is capable of retrieving filefrom a remote server - the ... > to data sent from infected machines. ... >> making the download executable available until the attack begins. ... >> has been added to our lists without your consent, ...
    (microsoft.public.security)
  • Re: ** Sobig.F attack expected 3:00pm to 6:00pm EST today [Friday 22]
    ... > The worm is capable of retrieving filefrom a remote server - the ... > to data sent from infected machines. ... >> making the download executable available until the attack begins. ... >> has been added to our lists without your consent, ...
    (microsoft.public.inetserver.iis.security)
  • Re: ** Sobig.F attack expected 3:00pm to 6:00pm EST today [Friday 22]
    ... > The worm is capable of retrieving filefrom a remote server - the ... > to data sent from infected machines. ... >> making the download executable available until the attack begins. ... >> has been added to our lists without your consent, ...
    (microsoft.public.windowsxp.security_admin)
  • Re: SBS 2003 and Outlook RPC over HTTP issues
    ... Look in IIS at your Exchweb, Exadmin, exchange-oma, and RPC sites' directory ... Why is it called RPC over HTTP if HTTP is not really needed to be ... As pointed out by others, port 80 does NOT need to be open, and yes, it ... I have about 20 of these SBS machines at other locations and have ...
    (microsoft.public.windows.server.sbs)