M$SQL cleanup incentives

• Previous message (by thread): M$SQL cleanup incentives
• Next message (by thread): M$SQL cleanup incentives
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Thus spake <jlewis at lewis.org>
> If your network is able to contain slammer infected boxes without
> melting down, who cares if you have a few infected customers?  You
> don't need to filter, and they'll all be encouraged to fix their systems
> sooner.

As one hoster put it to me, DoS and worm traffic is billable so it's not in
the hoster's interests to protect customers -- quite the opposite in fact.

> I don't believe we'll have to filter 1434/udp forever, but I plan to leave
> the filters in place until we no longer need them or until they hurt more
> than they help.

What will you do when a similar worm appears on 53/udp or some other
heavily-used port?  We lucked out with Sapphire because MS/SQL is generally
safe to block on public networks, but its speed can be easily applied to
other protocols we can't afford to block.

S

Stephen Sprunk         "God does not play dice."  --Albert Einstein
CCIE #3723         "God is an inveterate gambler, and He throws the
K5SSS        dice at every possible opportunity." --Stephen Hawking

• Previous message (by thread): M$SQL cleanup incentives
• Next message (by thread): M$SQL cleanup incentives
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]