[55275] in North American Network Operators' Group
Re: management interface accessability (was Re: Worm / UDP1434)
daemon@ATHENA.MIT.EDU (Steven M. Bellovin)
Sun Jan 26 12:43:36 2003
From: "Steven M. Bellovin" <smb@research.att.com>
To: Chris Wedgwood <cw@f00f.org>
Cc: nanog@merit.edu
Date: Sun, 26 Jan 2003 12:42:57 -0500
Errors-To: owner-nanog-outgoing@merit.edu
In message <20030126172907.GA31694@f00f.org>, Chris Wedgwood writes:
>
>On Sun, Jan 26, 2003 at 01:37:16AM +0000, Paul Vixie wrote:
>
>> ... If you are relying on their ACL's to protect your telnet and
>> snmp access, but are otherwise allowing their management interfaces
>> to hear traffic from the whole Internet, then you should turn in
>> your badge and go back to bagging groceries or whatever it is you
>> used to do.
>
>Some would argue this should apply to those exposing MSSQL to the
>outside world such that it could even receive malicious port 1434
>packets...
Therein lies the rub. I'm curious -- every medium or large company I'm
aware of had Code Red on the inside of the firewalls. What happened
this time? Did it get inside? If so, has anyone analyzed how?
--Steve Bellovin, http://www.research.att.com/~smb (me)
http://www.wilyhacker.com (2nd edition of "Firewalls" book)
