Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: management interface accessability (was Re: Worm / UDP1434)

  • From: Steven M. Bellovin
  • Date: Sun Jan 26 12:45:20 2003

In message <20030126172907.GA31694@f00f.org>, Chris Wedgwood writes:
>
>On Sun, Jan 26, 2003 at 01:37:16AM +0000, Paul Vixie wrote:
>
>> ... If you are relying on their ACL's to protect your telnet and
>> snmp access, but are otherwise allowing their management interfaces
>> to hear traffic from the whole Internet, then you should turn in
>> your badge and go back to bagging groceries or whatever it is you
>> used to do.
>
>Some would argue this should apply to those exposing MSSQL to the
>outside world such that it could even receive malicious port 1434
>packets...

Therein lies the rub.  I'm curious -- every medium or large company I'm 
aware of had Code Red on the inside of the firewalls.  What happened 
this time?  Did it get inside?  If so, has anyone analyzed how?


		--Steve Bellovin, http://www.research.att.com/~smb (me)
		http://www.wilyhacker.com (2nd edition of "Firewalls" book)






Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.