[55520] in North American Network Operators' Group
Re: What could have been done differently?
daemon@ATHENA.MIT.EDU (David Howe)
Thu Jan 30 10:11:41 2003
From: "David Howe" <DaveHowe@gmx.co.uk>
To: "Email List: nanog" <nanog@nanog.org>
Date: Thu, 30 Jan 2003 13:17:40 -0000
Errors-To: owner-nanog-outgoing@merit.edu
at Thursday, January 30, 2003 12:01 AM, bdragon@gweep.net
<bdragon@gweep.net> was seen to say:
>> But this worm required external access to an internal server (SQL
>> Servers are not front-end ones); even with a bad or no patch
>> management system, this simply wouldn't happen on a properly
>> configured network. Whoever got slammered, has more problems than
>> just this worm. Even with no firewall or screening router, use of
>> RFC1918 private IP address on the SQL Server would have prevented
>> this worm attack
>
> RFC1918 addresses would not have prevented this worm attack.
> RFC1918 != security
Indeed. More accurately though "don't have an SQL server port exposed to
the general internet you bloody fools" might be closer to the correct
advice to customers :)
I have been trying *hard* but can't think of a single decent reason a
random visitor to a site needs SQL Server access from the outside.
