Absolutely! But in the reality of buggy software (for any platform) and lazy, untrained, and/or overworked admins and users we need to start having legal accountability for systems placed onto the internet in an unpatched or unsecured state. That is the only way we are going to really start making a dent in this type of problem. I personally believe the ISPs not only have the RIGHT but the DUTY to protect not only themselves but the internet at large when these events happen by forcibly disconnecting the clients they are hosting until they patch their systems and resolve the issue. The fact that to this day there are still systems infected by Nimda on the internet shows that this must start to happen. To me, infections of this type need to be treated as any other type of network abuse by their upstream providers.
Miles

-----Original Message-----
From: Bill Kuhn - MCSE [mailto:[EMAIL PROTECTED]]
Sent: Monday, January 27, 2003 9:38 AM
To: NT 2000 Discussions
Subject: RE: SQL worm?

Someone might consider that part of the blame might belong to the criminal(s) who wrote and unleashed the worm?

-----Original Message-----
From: Chinnery, Paul [mailto:[EMAIL PROTECTED]]
Sent: Monday, January 27, 2003 8:11 AM
To: NT 2000 Discussions
Subject: RE: SQL worm?

I have three SQL servers and none exposed. However, has anyone read Russ' "editorial" on this at NTbugtraq? He does make some valid points on why it's not all the SQL admin's fault.

Paul Chinnery
Network Administrator
Mem Med Ctr

-----Original Message-----
From: Martin Blackstone [mailto:[EMAIL PROTECTED]]
Sent: Monday, January 27, 2003 9:08 AM
To: NT 2000 Discussions
Subject: RE: SQL worm?

Here is an example "I'm a programmer and need SQL on my PC to do my job". Unfortunately the rest goes like this "I don't know sh*t about security or this patching stuff, so I will just go on my happy way in ignorance"

-----Original Message-----
From: Andrew S. Baker [mailto:[EMAIL PROTECTED]]
Sent: Monday, January 27, 2003 6:06 AM
To: NT 2000 Discussions
Subject: RE: SQL worm?

Indeed. Why would anyone have SQL exposed like that?

ASB
Technology Integration Specialist
http://www.ultratech-llc.com/KB
Save The Internet -- Keep Your Systems Patched!

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Roger Seielstad
Sent: Monday, January 27, 2003 7:51 AM
To: NT 2000 Discussions
Subject: RE: SQL worm?

Then those hosting companies deserve to get hit. There's no valid reason to have SQL servers completely exposed. At the very least they can be IP limited to the necessary addresses of the users.

------------------------------------------------------
Roger D. Seielstad - MCSE
Sr. Systems Administrator
Inovis - Formerly Harbinger and Extricity
Atlanta, GA

> -----Original Message-----
> From: Martin Blackstone [mailto:[EMAIL PROTECTED]]
> Sent: Saturday, January 25, 2003 11:47 AM
> To: NT 2000 Discussions
> Subject: RE: SQL worm?
>
> In theory that is correct.
> However, there are places such as web hosting companies that offer SQL to their customers. There are also companies too cheap to pay for a VPN and might have an offsite data center.
> While closing those IPs completely is the best solution, another idea may be to not use those standard ports if you HAVE to access your SQL server remotely. Use some non-standard ones perhaps.
>
> -----Original Message-----
> From: Len Conrad [mailto:[EMAIL PROTECTED]]
> Sent: Saturday, January 25, 2003 8:45 AM
> To: NT 2000 Discussions
> Subject: RE: SQL worm?
>
> >Close these ports:
> >ms-sql-s 1433/tcp #Microsoft-SQL-Server
> >ms-sql-s 1433/udp #Microsoft-SQL-Server
> >ms-sql-m 1434/tcp #Microsoft-SQL-Monitor
> >ms-sql-m 1434/udp #Microsoft-SQL-Monitor
>
> no, block access from internet to SQL ip (effectively blocking ALL ports).
>
> What business does anybody on internet have in accessing your SQL server?
>
> Len
>
> ------
You are subscribed as [EMAIL PROTECTED]
Archives: http://www.swynk.com/sitesearch/search.asp
To unsubscribe send a blank email to %%email.unsub%%
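
The two filtering approaches discussed in this thread, closing the listed ports versus limiting the SQL server to the necessary source addresses, can be compared with a small first-match ACL check. This is an added example and not part of the original messages; the rule sets, source addresses and the moved listener port 14330 are constructed for illustration.

```python
import ipaddress

# Ports quoted in the thread.
SQL_PORTS = [("tcp", 1433), ("udp", 1433), ("tcp", 1434), ("udp", 1434)]

def first_match(rules, src, proto, port):
    """Return the action of the first rule matching the packet; default deny."""
    addr = ipaddress.ip_address(src)
    for action, network, rule_proto, rule_port in rules:
        if addr not in ipaddress.ip_network(network):
            continue
        if rule_proto not in ("any", proto):
            continue
        if rule_port not in (None, port):
            continue
        return action
    return "deny"

def exposed(rules, src, ports=SQL_PORTS):
    """List the (proto, port) pairs that src can reach on the SQL host."""
    return [(p, n) for p, n in ports if first_match(rules, src, p, n) == "allow"]

# Constructed rule sets for traffic destined to the SQL server's address.
# Each rule: (action, source network, protocol, port or None for all ports).
CLOSE_LISTED_PORTS = [            # "Close these ports"
    ("deny", "0.0.0.0/0", "tcp", 1433), ("deny", "0.0.0.0/0", "udp", 1433),
    ("deny", "0.0.0.0/0", "tcp", 1434), ("deny", "0.0.0.0/0", "udp", 1434),
    ("allow", "0.0.0.0/0", "any", None),
]
ALLOWLIST = [                     # "IP limited to the necessary addresses"
    ("allow", "203.0.113.0/28", "tcp", 1433),
    ("deny", "0.0.0.0/0", "any", None),
]

INTERNET_SRC = "198.51.100.7"     # constructed, documentation range
CUSTOMER_SRC = "203.0.113.5"      # constructed, inside the allowed /28
MOVED_PORT = [("tcp", 14330)]     # constructed non-standard listener port

if __name__ == "__main__":
    for name, rules in (("close-ports", CLOSE_LISTED_PORTS), ("allowlist", ALLOWLIST)):
        print(name, "internet reaches:", exposed(rules, INTERNET_SRC, SQL_PORTS + MOVED_PORT))
        print(name, "customer reaches:", exposed(rules, CUSTOMER_SRC, SQL_PORTS + MOVED_PORT))
```

With the per-port deny list, an arbitrary internet source still reaches a listener moved to another port, while the allowlist with a default deny leaves it nothing on the host and the customer range only 1433/tcp.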
