> the banks have many SQL servers of many different types, so it's hard to
> talk about "the bank database". SQL servers used for storing office
> notes may have been compromised while those storing financial data may
> have been untouched. but even then i don't think that's the most likely
> explanation.
>
> Slammer simply inundated the networks with traffic. i lost connectivity
> to some of my systems, and i can guarentee you i don't have any MS SQL
> servers on them.
>
> most likely it was simply something like:
>
> if (slammer.totalTraffic() > totalBandwidth() - bandwidthReq())
> {
> servicesUnavailable();
Yes, but my point is for slammer to have created so much traffic in the
first place it would have had to have infected a lot of machines. If the
people responsible for the SQL servers would have had them behind
firewalls then the slammer worm wouldn't have been able to infect them, if
slammer can't infect anything then the amount of bandwidth being used
doesn't grow exponentially :) If there was no way for slammer to infect
any machines then it would have died right after it started.
