Mark Lane said:
> At 10:39 PM 2/3/03, you wrote:
>>Aaron J. Seigo said:
>> >
>> > of course, anyone who puts a database server on a public network
>> accepting random connections hither and yon is just asking for
>> trouble. there's really no reason for that sort of set up.
>>
>>I fully agree. The real reason this worm was able to run so wild is
>> because the average network admin doesn't know how to do their job.
>> The sysadmin isn't as much to blame in this one as this patch was not
>> very easy to install to begin with. However, the network admin should
>> know better then to allow anonymous access to there SQL servers from a
>> public network such as the internet. In 99% of the cases they
>> shouldn't have even offered any kind of access to the SQL servers
>> directly to anyone.
>
> The scary thing about this all is that slammer took out interac. Why is
> the interac system even accessible from the internet? If slammer can
> effect it, then it will be hacked eventually.
>
Interac isn't connected to the internet, however the banks are. Slammer
took down the banks internal networks which in turn disrupted interac
machines since they need to communicate with the bank networks. The world
was lucky this time, next time it may take down airports and such. If air
traffic control is taken down or any other such service like it, then we
may start to see death tolls after every worm hits.
