-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Tuesday 04 February 2003 12:56, Trevor Lauder wrote:
> In this setup, the banks clients access the webpage that allows them to
> interact with their accounts. This machine is in the banks DMZ and the
> firewall is setup to allow that webserver to access the database server
> that is inside the banks network or LAN. This connection should also be
> encrypted. It seems though that if the banks SQL servers are getting
> compromised then it could mean that they don't have the database server
> behind the firewall, they have it in the dmz with the webserver. That is
> a big no no, and a great number of admins do it this way. If they didn't
> then slammer wouldn't have been able to run so wild for so long.
the banks have many SQL servers of many different types, so it's hard to talk
about "the bank database". SQL servers used for storing office notes may have
been compromised while those storing financial data may have been untouched.
but even then i don't think that's the most likely explanation.
Slammer simply inundated the networks with traffic. i lost connectivity to
some of my systems, and i can guarentee you i don't have any MS SQL servers
on them.
most likely it was simply something like:
if (slammer.totalTraffic() > totalBandwidth() - bandwidthReq())
{
servicesUnavailable();
}
- --
Aaron J. Seigo
GPG Fingerprint: 8B8B 2209 0C6F 7C47 B1EA EE75 D6B7 2EB1 A7F1 DB43
"Everything should be made as simple as possible, but not simpler"
- Albert Einstein
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
iD8DBQE+QB811rcusafx20MRArJSAJ9ncJBSbWmA1KfYTTq2QLZjwV4CjACfWIRR
AMdkVua7mSFiQuv8DzBZ2b0=
=/LdH
-----END PGP SIGNATURE-----
