Re: some thoughts on the Slammer fiasco
From: Steve Kass (skass@drew.edu)
Date: 01/26/03
Date: Sun, 26 Jan 2003 16:58:27 -0500 From: Steve Kass <skass@drew.edu>
http://www.ciac.org/ciac/bulletinsByType/vndr_vax_sys_bulletins.html
http://www.mail-archive.com/bugtraq@securityfocus.com/msg09212.html
http://tinyurl.com/4xe7
SK
rip wrote:
>None of my production servers were affected by this worm.
>Why? Because we don't run "bet your business", large
>revenue generating systems on windoz. We use VMS!!! After
>over 10 years and billions of dollars in revenue
>generation, we have never experienced ANY downtime due to
>viruses (or even loss of data due to StorageWorks).
>
>So why is this? The same dude (Cutler) who architected VMS
>was also the Architect for NT (now windoz 2000). It is
>absolutely impossible for an external IP connection to
>"Take over" a process on VMS because at its core it has a
>privileged based process creation/image activation
>architecture. Windoz has absolutely no concept of this idea
>and thus will ALWAYS be vulnerable to viruses. The only
>workaround is to block ports and have MS "hack" their own
>software. Pretty poor!!!
>
>So where was MS's apology for this mess? Are they monetarily
>responsible? Will there be civil suits? When are they going
>to completely "create" a brand new OS that's secure? I use
>the word create loosely since MS has NEVER created their
>own OS; they bought everyone including windoz.
>
>Lastly, your premise of "losers" is stupid. The entire
>internet was brought down by a poorly written application.
>Imagine that, application data traffic swamping the
>internet. So, the entire internet's availability is the
>responsibility of clones to patch the MS products? No,
>lesson learned. Firewalls are worthless and routers (Cisco
>with million line access lists) were not designed to handle
>this. Is it the responsibility of a router to manage
>application traffic? I think what we need is a whole new
>level of technology to manage and secure application data
>traffic. Don't expect it from MS or Cisco; they'll just
>point fingers at each other.
>
>Lesson learned: Don't use MS to run your critical apps on
>and get them OFF the internet. Amazing that Bank of
>America's ATM network got infected from the internet. Why
>does that ATM network have any connections to the internet?
>Eventually the "internet" will be like a low cost mass
>transit system like a bus or subway and those who want
>highly available/secure networks will buy their own private
>jets for transportation (completely isolated, autonomous
>networks. Forget VPN).
>
>rip
>
>>-----Original Message-----
>>
>>These are my thoughts regarding some of the moronic posts seen here
>>recently.
>>
>>WTF are you running a software firewall on an SQL box for? SQL should stand
>>alone. And please buy a hardware firewall.
>>
>>Here is a question someone running Oracle would not ask. "Can (software
>>firewall of your choice) block port X?"
>>
>>I am an SQL Server DBA and quite frankly ashamed of the low level of
>>knowledge and lack of willingness to keep up with simple security updates on
>>the part of the losers here whining about how to keep their servers safe.
>>Either learn how to play, or get off the field. And people wonder why SQL
>>Server DBAs make less than a DBA for Oracle, DB2, Sybase, etc.
>>
>>"But it was sooo easy to install, I clicked next. I'm safe now, right?"
>>
>>Personally, I hope the IT slump goes on for 5 more years to weed out
>>wannabes like the people here.
>>
>>Sid