[55500] in North American Network Operators' Group
Re: What could have been done differently?
daemon@ATHENA.MIT.EDU (bdragon@gweep.net)
Wed Jan 29 19:06:22 2003
To: rkjnanog@ieg.com.br (Rubens Kuhl Jr.)
Date: Wed, 29 Jan 2003 19:01:25 -0500 (EST)
Cc: nanog@merit.edu
In-Reply-To: <018f01c2c6cf$31d81590$1302a8c0@default> from "Rubens Kuhl Jr." at Jan 28, 2003 11:13:19 AM
From: <bdragon@gweep.net>
Errors-To: owner-nanog-outgoing@merit.edu
> But this worm required external access to an internal server (SQL Servers
> are not front-end ones); even with a bad or no patch management system, this
> simply wouldn't happen on a properly configured network. Whoever got
> slammered, has more problems than just this worm. Even with no firewall or
> screening router, use of RFC1918 private IP address on the SQL Server would
> have prevented this worm attack
RFC1918 addresses would not have prevented this worm attack.
RFC1918 != security
