[80776] in North American Network Operators' Group
Re: Blocking port udp/tcp 1433/1434
daemon@ATHENA.MIT.EDU (Jon Lewis)
Wed May 11 18:15:00 2005
Date: Wed, 11 May 2005 18:12:58 -0400 (EDT)
From: Jon Lewis <jlewis@lewis.org>
To: "Christopher L. Morrow" <christopher.morrow@mci.com>
Cc: Joe Maimon <jmaimon@ttec.com>, nanog@nanog.org
In-Reply-To: <Pine.GSO.4.58.0505111555580.13686@sharpie.argfrp.us.uu.net>
Errors-To: owner-nanog@merit.edu
On Wed, 11 May 2005, Christopher L. Morrow wrote:
> > Is there still justification for denying transit for ms-sql slammer ports?
>
> probably not, but that's really a local-to-your-asn decision.
I dunno about that. I know it was more than a year ago, but at NANOG
Miami, someone brought either SQL slammer or a vulnerable laptop and
killed the network for a while. Running tcpdump on my notebook, I noticed
fairly constant slammer probes while there. We still block it here, and
the last time we accidentally removed that filter, a colo customer was
promptly infected.
----------------------------------------------------------------------
Jon Lewis | I route
Senior Network Engineer | therefore you are
Atlantic Net |
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
