Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: SQL Slammer - lessons learned

From: Ron DuFresne <dufresne () winternet com>
Date: Thu, 6 Feb 2003 18:45:37 -0600 (CST)
On Thu, 6 Feb 2003, Blue Boar wrote:


Ron DuFresne wrote:

port 1434 on a client (so blocking replies)

of course the client will reissue the request on aonther port and  get the
info required.  No harm done.


Maybe for a completely different lookup call, it will.  Meanwhile, the
blocked lookup comes back as no response, which will be interepreted as no
such name.


Perhaps I'm wrong and will be corrected, but nslookup and dig and the
various other tools retry after a short timeout period, and do so on
different ports then the first timeout request was made.<?>  If I'm
reading this correctly, then the significance of a dropped packet in a
request is minimal.

Thanks,

Ron DuFresne
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation." -- Johnny Hart
        ***testing, only testing, and damn good at it too!***

OK, so you're a Ph.D.  Just don't touch anything.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Previous By Date Next
Previous By Thread Next

Current thread: