[80737] in North American Network Operators' Group


Re: Blocking port udp/tcp 1433/1434

daemon@ATHENA.MIT.EDU (Jeff Kell)
Wed May 11 13:43:16 2005

Date: Wed, 11 May 2005 13:43:32 -0400
From: Jeff Kell <jeff-kell@utc.edu>
To: nanog@merit.edu
In-Reply-To: <42824061.9050705@well.com>
Errors-To: owner-nanog@merit.edu


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Chip Mefford wrote:

> on my "at work" small network, slammer (or slammer like) traffic is
> still around 2% of inbound blocked traffic. (just a dead end off
> of asn 6467)

Almost every time I update our border ingress ACL (which removes the ACL
for as long as it takes to load the new one, perhaps a few seconds) it
triggers IDS alerts on 1433/1434, often specifically the slammer packet
itself.  (usually thanks to AS209)

The SANS ISC currently gives an "Internet Survival Time" of 24 minutes
for an unpatched Windows box.  I would give an unpatched Windows server
with an old copy of MSSQL a considerably shorter lifespan :-)

Jeff
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (MingW32)

iD8DBQFCgkREot2VatFbXMERAhbeAJ9GLe6HUa8nuOB5AeYfbSEcyfEsNwCgiqG+
flADbuPxyxr06xaBIRROcXw=
=lqFY
-----END PGP SIGNATURE-----

