I don't disagree. My point is that for every company like yours, there is some mom and pop shop with Point of Sale system or something that runs a SQL or MSDE backend that was done as a one time install by somebody. They later decide to get a DSL modem and suddenly their butt is hanging out on the internet. Now they have no clue what a patch or service pack is and happily go on their way never knowing the dangers lurking at every curve.
It's a bad situation, but it happens every day, everywhere. -----Original Message----- From: Roger Seielstad [mailto:[EMAIL PROTECTED]] Sent: Monday, January 27, 2003 6:12 AM To: NT 2000 Discussions Subject: RE: SQL worm? Not in a perfect world - in a world where people have half a clue. We do direct hosting of a number of applications, and we have 2 engineer's who's entire job is managing firewall rulesets and VPN tunnels for our customers into our network. Likewise, we manage a number of systems on our customers' networks, and we ensure that all our traffic originates from one and only one IP into their networks, such that Internet, VPN or point to point circuit (we do all three) they can lock it down to allow just the access necessary. ------------------------------------------------------ Roger D. Seielstad - MCSE Sr. Systems Administrator Inovis - Formerly Harbinger and Extricity Atlanta, GA > -----Original Message----- > From: Martin Blackstone [mailto:[EMAIL PROTECTED]] > Sent: Monday, January 27, 2003 9:06 AM > To: NT 2000 Discussions > Subject: RE: SQL worm? > > > No doubt, in a perfect world. > Unfortunately anyone can and does install anything they want > these days with > little knowledge of the product or how to handle it safely. > > -----Original Message----- > From: Roger Seielstad [mailto:[EMAIL PROTECTED]] > Sent: Monday, January 27, 2003 5:38 AM > To: NT 2000 Discussions > Subject: RE: SQL worm? > > > The better way is to manage access correctly - invalid ports are less > tenable solutions than using access control in most cases. > > ------------------------------------------------------ > Roger D. Seielstad - MCSE > Sr. Systems Administrator > Inovis - Formerly Harbinger and Extricity > Atlanta, GA > > > > -----Original Message----- > > From: Martin Blackstone [mailto:[EMAIL PROTECTED]] > > Sent: Monday, January 27, 2003 8:04 AM > > To: NT 2000 Discussions > > Subject: RE: SQL worm? > > > > > > You could also use an alternative port. > > > > -----Original Message----- > > From: Roger Seielstad [mailto:[EMAIL PROTECTED]] > > Sent: Monday, January 27, 2003 4:51 AM > > To: NT 2000 Discussions > > Subject: RE: SQL worm? > > > > > > Then those hosting companies deserve to get hit. > > > > There's no valid reason to have SQL servers completely exposed. At > > the very least they can be IP limited to the necessary addresses of > the users. > > > > ------------------------------------------------------ > > Roger D. Seielstad - MCSE > > Sr. Systems Administrator > > Inovis - Formerly Harbinger and Extricity > > Atlanta, GA > > > > > > > -----Original Message----- > > > From: Martin Blackstone [mailto:[EMAIL PROTECTED]] > > > Sent: Saturday, January 25, 2003 11:47 AM > > > To: NT 2000 Discussions > > > Subject: RE: SQL worm? > > > > > > > > > In theory that is correct. > > > However, there are places such as web hosting companies > that offer > > > SQL to their customers. There are also companies too cheap to pay > > > for a VPN and might have an offsite data center. > > > While closing those IP's completely is the best solution, > > > another idea may > > > be to not use those standard ports if you HAVE to access your > > > SQL server > > > remotely. Use some non standard ones perhaps. > > > > > > -----Original Message----- > > > From: Len Conrad [mailto:[EMAIL PROTECTED]] > > > Sent: Saturday, January 25, 2003 8:45 AM > > > To: NT 2000 Discussions > > > Subject: RE: SQL worm? > > > > > > > > > > > > >Close these ports: > > > >ms-sql-s 1433/tcp #Microsoft-SQL-Server > > > >ms-sql-s 1433/udp #Microsoft-SQL-Server > > > >ms-sql-m 1434/tcp #Microsoft-SQL-Monitor > > > >ms-sql-m 1434/udp #Microsoft-SQL-Monitor > > > > > > no, block access from internet to SQL ip (effectively > blocking ALL > > > ports). > > > > > > What business does anybody on internet have in accessing your SQL > > > server? > > > > > > Len > > > > > > > > > ------ > > > You are subscribed as [EMAIL PROTECTED] > > > Archives: http://www.swynk.com/sitesearch/search.asp > > > To unsubscribe send a blank email to %%email.unsub%% > > > > > > ------ > > > You are subscribed as [EMAIL PROTECTED] > > > Archives: http://www.swynk.com/sitesearch/search.asp > > > To unsubscribe send a blank email to %%email.unsub%% > > > > > > > ------ > > You are subscribed as [EMAIL PROTECTED] > > Archives: http://www.swynk.com/sitesearch/search.asp > > To unsubscribe send a blank email to %%email.unsub%% > > > > ------ > > You are subscribed as [EMAIL PROTECTED] > > Archives: http://www.swynk.com/sitesearch/search.asp > > To unsubscribe send a blank email to %%email.unsub%% > > > > ------ > You are subscribed as [EMAIL PROTECTED] > Archives: http://www.swynk.com/sitesearch/search.asp > To unsubscribe send a blank email to %%email.unsub%% > > ------ > You are subscribed as [EMAIL PROTECTED] > Archives: http://www.swynk.com/sitesearch/search.asp > To unsubscribe send a blank email to %%email.unsub%% > ------ You are subscribed as [EMAIL PROTECTED] Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe send a blank email to %%email.unsub%% ------ You are subscribed as [email protected] Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe send a blank email to [EMAIL PROTECTED]
