North American Network Operators Group

Re: What could have been done differently?
at Thursday, January 30, 2003 12:01 AM, [email protected] <[email protected]> was seen to say:

>> But this worm required external access to an internal server (SQL
>> Servers are not front-end ones); even with a bad or no patch
>> management system, this simply wouldn't happen on a properly
>> configured network. Whoever got slammered, has more problems than
>> just this worm. Even with no firewall or screening router, use of
>> RFC1918 private IP address on the SQL Server would have prevented
>> this worm attack
>
> RFC1918 addresses would not have prevented this worm attack.
> RFC1918 != security

Indeed. More accurately though "don't have an SQL server port exposed to the general internet you bloody fools" might be closer to the correct advice to customers :)

I have been trying *hard* but can't think of a single decent reason a random visitor to a site needs SQL Server access from the outside.