Full Disclosure mailing list archives

RE: SQL Slammer - lessons learned


From: "Schmehl, Paul L" <pauls () utdallas edu>
Date: Mon, 10 Feb 2003 08:48:29 -0600

-----Original Message-----
From: John.Airey () rnib org uk [mailto:John.Airey () rnib org uk] 
Sent: Monday, February 10, 2003 4:24 AM
To: guninski () guninski com; Schmehl, Paul L
Cc: full-disclosure () lists netsys com
Subject: RE: [Full-disclosure] SQL Slammer - lessons learned

Code Red/Nimda have fizzled out (probably still some infected 
machines out there), since it is possible to block ports below 
1024.

Huh?  Our IDSes detect both Code Red I, II and III and Nimda every day,
as does my Wormcatcher.  I don't know *anyone* who is blocking port 80.
Do you?

Paul Schmehl (pauls () utdallas edu)
Adjunct Information Security Officer
The University of Texas at Dallas
http://www.utdallas.edu/~pauls/
AVIEN Founding Member 
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

