RE: SQL Slammer doing the rounds again?

From: Harlan Carvey (keydet89_at_yahoo.com)
Date: 11/13/03

  • Next message: Josh.Berry_at_compucom.com: "Strange Port 0 Traffic" 
    Date: Thu, 13 Nov 2003 11:29:46 -0800 (PST)
To: incidents@securityfocus.com

    While I fully agree w/ Jim's advice, one thing I'm
    still curious about...since we first saw Slammer...is
    this - Is there a valid business reason to expose UDP
    1434 to the Internet?

    I've asked this before and not received any responses.

    If anyone has one, I'd love to hear it. Please
    refrain from the "maybes"...I'd like to hear valid
    reasons why this port is exposed.

    Thanks,

    Harlan

    --- "Jim Harrison (ISA)" <jmharr@microsoft.com> wrote:
    > It's never stopped.
    > Like Nimda, Code Red, Blaster, SoBig and other
    > "bugs", as long as there
    > is a vulnerable system available to an infected
    > system, we'll be seeing
    > this traffic on the Internet.
    >
    > Your best protection:
    > 1. Keep yourself patched to the gills
    > 2. Place an application-filtering firewall at your
    > edge
    > 3. Keep your antivirus updated and deployed in your
    > servers and clients
    > 4. Block or quarantine executable attachments at
    > your mail server.
    > 5. Establish and enforce "acceptable use" policies
    > for corporate
    > Internet use
    >
    >
    > * Jim Harrison
    > MCP(NT4/2K), A+, Network+
    > Security Business Unit (ISA SE)
    >
    > "I used to hate writing assignments, but now I enjoy
    > them.
    > I realized that the purpose of writing is to inflate
    > weak ideas,
    > obscure poor reasoning, and inhibit clarity.
    > With a little practice, writing can be an
    > intimidating and
    > impenetrable fog!"
    > -Calvin
    >
    > -----Original Message-----
    > From: sradnidge@hotmail.com
    > [mailto:sradnidge@hotmail.com]
    > Sent: Monday, November 10, 2003 18:03
    > To: incidents@securityfocus.com
    > Subject: SQL Slammer doing the rounds again?
    >
    >
    >
    > Hi all,
    >
    >
    >
    > We seem to be noticing a large increase on UDP 1434
    > across our
    > enterprise worldwide, first starting in Europe, then
    > spreading to the
    > Americas and now looks to be heading our way in
    > Asia. Anyone else seen a
    > resurgence in this Slammer-like activity?
    >
    >
    >
    > Cheers
    >
    >
    >
    > Stuart
    >
    >
    ------------------------------------------------------------------------
    > ---
    > Network with over 10,000 of the brightest minds in
    > information security
    > at the largest, most highly-anticipated industry
    > event of the year.
    > Don't miss RSA Conference 2004! Choose from over 200
    > class sessions and
    > see demos from more than 250 industry vendors. If
    > your job touches
    > security, you need to be here. Learn more or
    > register at
    >
    http://www.securityfocus.com/sponsor/RSA_incidents_031023
    > and use priority code SF4.
    >
    ------------------------------------------------------------------------
    > ----
    >
    >
    >
    >
    ---------------------------------------------------------------------------
    > Network with over 10,000 of the brightest minds in
    > information security
    > at the largest, most highly-anticipated industry
    > event of the year.
    > Don't miss RSA Conference 2004! Choose from over 200
    > class sessions and
    > see demos from more than 250 industry vendors. If
    > your job touches
    > security, you need to be here. Learn more or
    > register at
    >
    http://www.securityfocus.com/sponsor/RSA_incidents_031023
    > and use priority code SF4.
    >
    ----------------------------------------------------------------------------
    >

    ---------------------------------------------------------------------------
    Network with over 10,000 of the brightest minds in information security
    at the largest, most highly-anticipated industry event of the year.
    Don't miss RSA Conference 2004! Choose from over 200 class sessions and
    see demos from more than 250 industry vendors. If your job touches
    security, you need to be here. Learn more or register at
    http://www.securityfocus.com/sponsor/RSA_incidents_031023
    and use priority code SF4.
    ----------------------------------------------------------------------------

  • Next message: Josh.Berry_at_compucom.com: "Strange Port 0 Traffic"

    Relevant Pages

    • RE: SQL Slammer doing the rounds again?
      ... "I used to hate writing assignments, ... this - Is there a valid business reason to expose UDP ... > Security Business Unit ... > at the largest, most highly-anticipated industry ...
      (Incidents)
    • RE: SQL Slammer doing the rounds again?
      ... SQL Slammer doing the rounds again? ... "I used to hate writing assignments, ... > Security Business Unit ... > at the largest, most highly-anticipated industry ...
      (Incidents)
    • Re: [SLE] setting multiple user id to 0 (zero) is bad ! Why?
      ... On 6/30/05, Chadley Wilson wrote: ... > again!!), uucp. ... > This reason however has been flawed as we have other sites that work properly ... that it was due to sloppy and lazy security practices. ...
      (SuSE)
    • Re: non-disclosure of infrastructure problem a management issue?
      ... It doesn't seem likely that that was the reason. ... to say that it was about security. ... I did trust the Fedora project. ... and I have the sense not to speculate without the full facts. ...
      (Fedora)
    • Re: Please do not change your password [telecom]
      ... essentially discredits the whole security paradigm. ... Not to mention the whole "forgot your password" secret questions. ... If you post the name of your first pet on Facebook, there is no reason to ... and phishing attacks are still a risk, but so are securities fraud and ...
      (comp.dcom.telecom)