RE: SQL Slammer doing the rounds again?

From: David LeBlanc (dleblanc_at_Exchange.Microsoft.com)
Date: 11/14/03

    Date: Thu, 13 Nov 2003 15:32:25 -0800
    To: "Harlan Carvey" <keydet89@yahoo.com>, <incidents@securityfocus.com>

    -----Original Message-----
    From: Harlan Carvey [mailto:keydet89@yahoo.com]
    Sent: Thursday, November 13, 2003 11:30 AM
    To: incidents@securityfocus.com
    Subject: RE: SQL Slammer doing the rounds again?

    While I fully agree w/ Jim's advice, one thing I'm
    still curious about...since we first saw Slammer...is
    this - Is there a valid business reason to expose UDP
    1434 to the Internet?
    --------------------------

    IMHO, no. The purpose of the port running at all is to act as a
    portmapper to tell you where to find alternate instances of SQL. So even
    if you did ignore Jim's advice, the proper thing to do is to hard-code
    the port that the instance you need is running into your connection
    string. If you're hitting the default instance on port 1433 TCP, you
    don't need 1434 UDP at all.

    I think most people end up exposing it by mistake. I don't personally
    know of a good reason to expose it to the internet. I agree with Jim
    that the web app ought to be written not to make the SQL server directly
    accessible - there are other, better ways to accomplish that.

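The advice in the reply above comes down to one check: a connection string only needs the SQL Server resolution service on UDP 1434 when it names an instance without saying which TCP port that instance listens on. The following Python is an added example, not part of the thread and not Microsoft's own tooling; it assumes the ADO/ODBC-style `key=value;` syntax where the server part is written as `host`, `host,port`, `host\instance` or `host\instance,port`, and it treats a named instance with no explicit port as the case that depends on UDP 1434. `needs_udp_1434()` flags such strings, and `pin_port()` rewrites them with the port hard-coded, as the reply recommends (the default instance gets TCP 1433; a named instance needs the port it actually listens on, which the caller must supply).

```python
# Added example (not from the original thread): classify SQL Server
# connection strings by whether they depend on the SQL resolution service
# on UDP 1434, and rewrite them with an explicit TCP port instead.
#
# Assumptions (not stated on the page): ADO/ODBC "key=value;" syntax; the
# server part is "host", "host,port", "host\instance" or "host\instance,port";
# an optional "tcp:" prefix is tolerated; named pipes are out of scope.

from dataclasses import dataclass
from typing import List, Optional, Tuple

DEFAULT_PORT = 1433  # the default instance listens on TCP 1433 (per the reply)
SERVER_KEYS = ("server", "data source", "address", "addr", "network address")


@dataclass(frozen=True)
class ServerSpec:
    host: str
    instance: Optional[str]
    port: Optional[int]

    @property
    def needs_browser(self) -> bool:
        # Only a named instance with no explicit port must ask UDP 1434
        # where the instance is listening.
        return self.instance is not None and self.port is None

    def render(self) -> str:
        text = self.host
        if self.instance:
            text += "\\" + self.instance
        if self.port is not None:
            text += f",{self.port}"
        return text


def split_pairs(conn: str) -> List[Tuple[str, str]]:
    """Split 'k=v;k=v' into (key, value) pairs, keeping key order and case."""
    pairs = []
    for part in conn.split(";"):
        if not part.strip():
            continue
        key, _, value = part.partition("=")
        pairs.append((key.strip(), value.strip()))
    return pairs


def parse_server(value: str) -> ServerSpec:
    """Parse the server part of a connection string into host/instance/port."""
    text = value.strip()
    if text.lower().startswith("tcp:"):
        text = text[4:]
    port = None
    if "," in text:
        text, port_text = text.rsplit(",", 1)
        port = int(port_text)
    instance = None
    if "\\" in text:
        text, instance = text.split("\\", 1)
    return ServerSpec(host=text, instance=instance or None, port=port)


def find_server(conn: str) -> ServerSpec:
    for key, value in split_pairs(conn):
        if key.lower() in SERVER_KEYS:
            return parse_server(value)
    raise ValueError("connection string has no server key")


def needs_udp_1434(conn: str) -> bool:
    """True if the client would need UDP 1434 reachable to locate the instance."""
    return find_server(conn).needs_browser


def pin_port(conn: str, port: Optional[int] = None) -> str:
    """Rewrite the server part with an explicit TCP port.

    The default instance is pinned to 1433; a named instance is pinned to
    `port`, which the caller must know (it is whatever that instance was
    configured to listen on).  Strings that already carry a port are left alone.
    """
    out = []
    for key, value in split_pairs(conn):
        if key.lower() in SERVER_KEYS:
            spec = parse_server(value)
            if spec.port is None:
                if spec.instance is None:
                    chosen = DEFAULT_PORT
                elif port is None:
                    raise ValueError(
                        f"named instance {spec.instance!r} needs an explicit port"
                    )
                else:
                    chosen = port
                spec = ServerSpec(spec.host, spec.instance, chosen)
            value = spec.render()
        out.append(f"{key}={value}")
    return ";".join(out)


if __name__ == "__main__":
    # Constructed sample strings, not taken from any real deployment.
    for sample in ("Server=db01;Database=app",
                   "Server=db01\\SQLEXPRESS;Database=app"):
        print(sample, "->", "needs UDP 1434" if needs_udp_1434(sample) else "TCP only")
```

Run over an application's stored connection strings, `needs_udp_1434()` gives a quick inventory of which clients would break if UDP 1434 were filtered at the perimeter; once those are rewritten with `pin_port()`, nothing on the Internet-facing side has a reason to reach the resolution service at all.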

