> if such a worm hasn't already made its quiet rounds, i'm sure such a
> thing will before long. it's a well documented technique just waiting
> for some "enterprising" individual to put it to use. =/
>
> keep your systems patched.

Keeping your systems patched in this particular situation would not have helped anyone really. I know we have been talking about the problems with having a MSSQL or any database server for that matter directly on the net but... the majority of computers that were infected were not MSSQL servers. It was computers using software developed using MSDE 2000.

It's the same thing with Code Red... the majority of computers infected were not internet servers running web services using IIS, it was desktop computers running things like Windows 2000 Professional. The average desktop user using Windows 2000 Pro has IIS running on his/her desktop right now and they don't even know it.

It's the same right now with Slammer... if your desktop is running McAfee virus scan, Visio or any other product that uses MSDE 2000 then your desktop is vulnerable. If your server uses Veritas Backup Exec for backups then your server is vulnerable, even if you have applied the patch from Microsoft. The great majority of computers infected were not MSSQL servers.

The real issue here is closing down the ports. Just because Veritas or McAfee uses MSDE 2000, does it mean it should listen to network requests coming in on 1434? Patching is a flawed approach to security; programming it the right way the first time is how programming needs to be done... and that's what corporations like the ones that wrote these 3rd party apps are *not* doing. The attitude is, let's release the vulnerable software now and fix it later. They could have fixed it before they released it by just closing that port.

Sysadmins are afraid to patch their systems, and rightly so. With the sheer number of patches that are released every day and the majority of them requiring a reboot to take effect on Windows machines, a sysadmin cannot keep up with it and the companies couldn't afford to pay him/her to do it. It's much easier and cheaper to just let these DDoS attacks happen every so often than it is to keep up with patching your Windows systems. Patches have a tendency of breaking other things in Windows and they also require reboots; both things cost companies $$. However, sysadmins can easily harden their systems, and most of the time this doesn't require any disruption in services, and hardening systems will usually keep them safe from most exploits even if their software isn't patched.

> --
> Aaron J. Seigo
> GPG Fingerprint: 8B8B 2209 0C6F 7C47 B1EA EE75 D6B7 2EB1 A7F1 DB43
>
> "Everything should be made as simple as possible, but not simpler"
> - Albert Einstein
