RE: RE: MS SQL WORM IS DESTROYING INTERNET BLOCK PORT 1434!

[Ron DuFresne <dufresne () winternet com>]

On Sat, 25 Jan 2003, Schmehl, Paul L wrote:

> Cyberterrorism????  Getting a bit hyped up, aren't we?  It's just
> another stupid worm.
>
> And blaming admins for not patching there boxes is bull.  You ever been
> to a university?  I defy you to even know where all the vulnerable boxes
> are, much less get the "owners" to patch them.  And tomorrow there will
> be more - because Microsoft has convinced the world that it's easy to
> run a box to do whatever it is you need to do, without knowing the first
> damn thing about security.
>
> Put the blame where it belongs - vendors who put out crap for software
> and jerks who take advantage of that.
>
> Until you've walked a mile in the shoes of the admins having to deal
> with this, keep your smug self-righteous indignation to yourselves.

Admins of the boxes in question and more directly the network admins are
fully responsible.  But, perhaps the real issue here is this is a
rationale for more distinct perimiter boundries.  That and the fact that
foreknowledge of M$-SQL issues have been known since slapper at the least
and thus, these ports should have long been blocked or 'protected' on the
perimiters.  Yet, even if you have an internal 'cloud' of systems, they
have entrance and exit points to and from your .edu network.  It might
seem dramatic, but closing the access/entrance points from those systems
that have/had been compromised would prhaps quickly resolve the issues in
that .edu domain you are charged with.  If the .edu domains policies do
not allow such 'extreme' measures of dealing with admins not up to snuff,
then the matter needs to be pushed up the chain of that domains
'management', which of course starts with admins, in staff meetings,
pushing their teir one folks and managers to push for something higher in
the feeding chain.

Whining that your hands are too full to do the job you are hired and paid
to do, while waiting for vendors to fix issues that they have a long
record of wanting to avoid dealing with, will get nothing accomplished.


Thanks,


Ron DuFresne



> -----Original Message-----
> From: Matt Smith [mailto:ratman6 () earthlink net]
> Sent: Saturday, January 25, 2003 7:29 PM
> To: 'Richard M. Smith'; jasonc () science org; 'Jay D. Dyson'; 'Bugtraq';
> 'Full-Disclosure'
> Subject: [Full-disclosure] RE: MS SQL WORM IS DESTROYING INTERNET BLOCK
> PORT 1434!
>
>
> Guys,
>     This puppy is FAR from harmless and I mean far, This SOB is gonna
> wind up worse than Code Red, Nimda, or even the great worm of '88.  I
> doubt very much the Morris Worm downed ENTIRE COUNTRIES, as Sapphire did
> to South Korea today.  Cyberterrorism has been spoken of for years.
> Well, guess what boys and girls, it's here, right now. :(.  Curious this
> thing started up on a Friday night isn't it??? All the sysadmins are
> gone for the weekend and thus could not respond it a timely fashion to
> this latest security threat.  This one is not gonna cleaned up for
> awhile.  I think this thing was written as a weapon of terrorism and it
> is doing its job.  Much to the chagrin of the people like me who now
> have to deal with the backlash this thing is causing :(.
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation." -- Johnny Hart
        ***testing, only testing, and damn good at it too!***

OK, so you're a Ph.D.  Just don't touch anything.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html