Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: What could have been done differently?

  • From: David Howe
  • Date: Thu Jan 30 10:16:52 2003

at Thursday, January 30, 2003 12:01 AM, bdragon@gweep.net
<bdragon@gweep.net> was seen to say:
>> But this worm required external access to an internal server (SQL
>> Servers are not front-end ones); even with a bad or no patch
>> management system, this simply wouldn't happen on a properly
>> configured network. Whoever got slammered, has more problems than
>> just this worm. Even with no firewall or screening router,  use of
>> RFC1918 private IP address on the SQL Server would have prevented
>> this worm attack
>
> RFC1918 addresses would not have prevented this worm attack.
> RFC1918 != security
Indeed. More accurately though "don't have an SQL server port exposed to
the general internet you bloody fools" might be closer to the correct
advice to customers :)
I have been trying *hard* but can't think of a single decent reason a
random visitor to a site needs SQL Server access from the outside.





Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.