[EMAIL PROTECTED] wrote:
> On Thu, 12 May 2005 12:23:19 CDT, John Kristoff said:
>>I think there always has been some justification. Here is a very
>>small sample of real traffic that I can assure is not Slammer traffic,
>>but it is being filtered nonetheless (IP addresses removed):
>>
>> May 1
On Thu, 12 May 2005 12:23:19 CDT, John Kristoff said:
> I think there always has been some justification. Here is a very
> small sample of real traffic that I can assure is not Slammer traffic,
> but it is being filtered nonetheless (IP addresses removed):
>
> May 12 09:15:30.598 CDT[...] deni
On Thu, 12 May 2005 04:15:07 -1000
Brian Russo <[EMAIL PROTECTED]> wrote:
> Perhaps a better question is:
>
> Is there now justification for allowing transit for ms-sql slammer
> ports?
I think there always has been some justification. Here is a very
small sample of real traffic that I can ass
End to end, but I'm afraid current realities do not always permit that
approach and we must occasionally build walls.
Sure, I wish people would fully step up to the plate and demand robust
software/protocols. Secure, strong encryption and software that isn't
filled with buffer overflows and othe
On Thu, 12 May 2005 04:15:07 -1000, Brian Russo said:
> Is there now justification for allowing transit for ms-sql slammer ports?
That depends. Do you believe in end-to-end or walled-garden?
pgp000U5ef4oe.pgp
Description: PGP signature
Perhaps a better question is:
Is there now justification for allowing transit for ms-sql slammer ports?
- bri
Joe Maimon wrote:
Is there still justification for denying transit for ms-sql slammer
ports?
Thanks,
Joe
--
Brian Russo <[EMAIL PROTECTED]>
(808) 277 8623
On Wed, 11 May 2005, Jon Lewis wrote:
>
> On Wed, 11 May 2005, Christopher L. Morrow wrote:
>
> > > Is there still justification for denying transit for ms-sql slammer ports?
> >
> > probably not, but that's really a local-to-your-asn decision.
>
> I dunno about that. I know it was more than a y
On Wed, 11 May 2005, MARLON BORBA wrote:
>
>
> if you are sure there are no more infected machines out there...
>
There will always be infected machines out there. The question is, are
there infectable machines on your network, and will your network contain
them or melt down if you allow them
On Wed, 11 May 2005, Christopher L. Morrow wrote:
> > Is there still justification for denying transit for ms-sql slammer ports?
>
> probably not, but that's really a local-to-your-asn decision.
I dunno about that. I know it was more than a year ago, but at NANOG
Miami, someone brought either S
On Wed, 11 May 2005, Jeff Kell wrote:
> The SANS ISC currently gives an "Internet Survival Time" of 24 minutes
> for an unpatched windows box. I would give an unpatched Windows server
> with an old copy of MSSQL a considerably shorter lifespan :-)
See:
http://www.bbcworld.com/content/clickonlin
> f) slammers half life is incredibly long
Worms have a very long life on the Internet, we still see swen.. and we
still see (although interesting) niche worms that attacked just one
specific personal firewall. :/
> Does anybody have any idea of the rate of NEW slammer infections?
The net is an
Joe Maimon wrote:
Is there still justification for denying transit for ms-sql slammer ports?
Thanks,
Joe
Thanks all for your responses. To me it appears that
a) If you block 135/445 you should block slammer as well
b) If the number of potential infected hosts connected to your network
can threat
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Chip Mefford wrote:
> on my "at work" small network, slammer (or slammer like) traffic is
> still around 2% of inbound blocked traffic. (just a dead end off
> of asn 6467)
Almost every time I update our border ingress ACL (which removes the ACL
for
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Joe Maimon wrote:
|
| Is there still justification for denying transit for ms-sql slammer ports?
on my "at work" small network, slammer (or slammer like) traffic is
still around 2% of inbound blocked traffic. (just a dead end off
of asn 6467)
-BEGIN
Jeff Rosowski wrote:
>
>> Is there still justification for denying transit for ms-sql slammer
>> ports?
>
>
> Well MS-SQL Worm propagation attempts and MS-SQL version overflow
> attempts account for 62% of the activity on our Internet facing IDS.
It changes from 40% to 70% here at AS8867, as w
Is there still justification for denying transit for ms-sql slammer ports?
Well MS-SQL Worm propagation attempts and MS-SQL version overflow attempts
account for 62% of the activity on our Internet facing IDS.
You decide:
http://www.dshield.org/topports.php
http://www.mynetwatchman.com/tp.asp
- ferg
-- Joe Maimon <[EMAIL PROTECTED]> wrote:
Is there still justification for denying transit for ms-sql slammer ports?
Thanks,
Joe
--
"Fergie", a.k.a. Paul Ferguson
Engineering Architecture for th
if you are sure there are no more infected machines out there...
best regards,
marlon borba, cissp
>>> Joe Maimon <[EMAIL PROTECTED]> 11/5/2005 12:51:15 >>>
Is there still justification for denying transit for ms-sql slammer ports?
Thanks,
Joe
On Wed, 11 May 2005, Joe Maimon wrote:
>
> Is there still justification for denying transit for ms-sql slammer ports?
>
probably not, but that's really a local-to-your-asn decision.
Is there still justification for denying transit for ms-sql slammer ports?
Thanks,
Joe
20 matches
Mail list logo