M$SQL cleanup incentives
Stephen Sprunk
stephen at sprunk.org
Sat Feb 22 21:46:42 UTC 2003
Thus spake <jlewis at lewis.org>
> If your network is able to contain slammer infected boxes without
> melting down, who cares if you have a few infected customers? You
> don't need to filter, and they'll all be encouraged to fix their systems
> sooner.
As one hoster put it to me, DoS and worm traffic is billable so it's not in
the hoster's interests to protect customers -- quite the opposite in fact.
> I don't believe we'll have to filter 1434/udp forever, but I plan to leave
> the filters in place until we no longer need them or until they hurt more
> than they help.
What will you do when a similar worm appears on 53/udp or some other
heavily-used port? We lucked out with Sapphire because MS/SQL is generally
safe to block on public networks, but its speed can be easily applied to
other protocols we can't afford to block.
S
Stephen Sprunk
CCIE #3723
K5SSS
"God does not play dice." --Albert Einstein
"God is an inveterate gambler, and He throws the dice at every possible opportunity." --Stephen Hawking