Slashdot Mirror
MS SQL Server Worm Wreaking Havoc
defile writes "Since about midnight EST almost every host on the internet has been receiving a 376 byte UDP payload on port ms-sql-m (1434) from a random infected server. Reports of some hosts receiving 10 per minute or more. internetpulse.net is reporting UUNet and Internap are being hit very hard. This is the cause of major connectivity problems being experienced worldwide. It is believed this worm leverages a vulnerability published
in June 2002. Several core routers have taken to blocking port 1434 outright.
If you run Microsoft SQL Server, make sure the public internet can't access it. If you manage a gateway, consider dropping UDP packets sent to port 1434." bani adds "This has effectively disabled 5 of the 13 root nameservers."
Outside a firewall for no apparent reason is a tool. That being said, we live in a world of idiots. Why?
NGSSoftware alerted Microsoft to this problem on the 17th of May 2002 and
they have produced a patch that resolves these issues.
This is January 25 2003 if I'm not mistaken. Are these the same people that leave their cars unlocked with the keys in the ignition?
Whoever puts a database outside a firewall? and then leave its external port open???
Sysadmins like that should be dragged into the street and shot.
Wouldn't it be nicer if the owners of these machines bother patching the fucking things though?
As far as I'm concerned, boxes SHOULD be able to stand on their own without firewalls. A firewall just adds another layer.
Sounds like you're advocating armadillo security to me - hard on the outside, soft on the inside.
Get your own free personal location tracker
Depends. If you're protecting your network, you are right: "allow required traffic, block everything else". If you're providing network services to others, they probably don't want to beg you everytime they need to open a port. In that case it's "filter bad traffic, allow everything else".
Consider a VPN dude.
Firewalls promote softer security.
"Oh, it's OK because it's behind the firewall..."
I think firewalls make people lazy. Imagine if we didn't have firewalls. We'd have to keep our passwords good, our services minimal, and make sure we were running the latest, most secure daemons.
Get your own free personal location tracker
This adds a third layer of security, in addition to the 'secure firewall' and the 'secure desktop'. If, god forbid, someone gets through your firewall, you'll at least know it.
And I'm talking about logging outgoing traffic, also. After all, if your firewall is set up correctly you can't have any random incoming traffic...but you'll have lots of outgoing. They have NIDS to detect suspicious traffic, or you can just get a huge dump and start filtering out things you know are okay.
And it's about the only way you'll ever catch that some idiot is running an ICQ from three years ago with a known buffer overflow or something stupid. Neither firewalls nor updated desktop machines can protect you from your own users, only log files of network traffic can do that.
If corporations are people, aren't stockholders guilty of slavery?
You put your webserver on a DMZ, and let it (and only it) talk to the database server through the firewall. Any 2-tier client-server app should be going through a VPN or other secure tunnel.
The only way to do security is to have multiple layers, and to ruthlessly apply the priciple of least privilidge (you get only those permissions you ABSOLOUTELY need and nothing more).
Why is it that the proponents of "one nation under God" are so eager to get rid of "liberty and justice for all"?
--I thought this too, but I mean semi seriously. I stayed up real late watching it to make sure it wasn't a 'war' prelude. All the second world potential badguys have a cyber attack part of their assymetrical warfare plans, that's just freely available data you can read about.
My "oh crap,no internet" communications plans are a heap-o shortwaves and scanners. Better than nuthin. I know all the commercial am and fm and tv stations will all get taken over by the fema boxes, and start spewing dotgov propaganda (moreso than normal), so I'd be more monitoring some more "unregulated" sources.
Not to mention every starcraft and diablo player :P
N.
"Nothing strengthens authority so much as silence." - Charles de Gaulle
My intial thought on this was that this isn't MS's fault and we shouldn't be bashing them for this worm; almost every os and daemon out there has had it's holes and exploits and MS has already put out the fix so it's in the admins hands now.
But on second thought, when I look at the serious impact of the worms that have been created for MS products and their vulnerabilities the last few years, the obvious becomes apparent: admins of MS OS's and processes on them are a LOT slower to patch than any of their counterparts (read: stupider). And the thing is, MS knows this, they specifically market to the stupid/lazy admins. They're the "easy" OS, they sell their products by telling people that you just install them and never worry about them again. I've taken too many MS courses (I am an MSCE and MSCDBA if they haven't expired on me, but I couldn't care less) and not once was patching the operating systems or server processes ever mentioned during all those courses, which is amazing to me.
And hey, to each their own I guess... apparently there aren't enough intelligent or well read admins around so there is a demand for these products and this approach. But if that's the case, then I think it has to be said that MS has a greater responsibility to create products free from exploits than anyone else, if they're marketing and teaching the idea that you don't need to patch.
It's by creating that laissez faire attitude towards administration that MS is directly responsible for the proliferation of these worms.
----- sXe