To: ALS
And although I'm not a big MS fan, the truth is that the patch for this was available last May. The real fault lies with the lazy sysadmins that didn't install the free patch.

I don't understand why these servers were able to be accessed from the internet. I saw earlier today other apps (.net programming environment and one other) also installed the vulnerable SQL component. I'm wondering if there were more than those two, because it doesn't seem possible the worm should be able to get at so many backoffice machines.
To: danelectro
18 posted on 01/27/2003 5:39:34 PM PST by ALS
To: danelectro
I don't understand why these servers were able to be accessed from the internet. I saw earlier today other apps (.net programming environment and one other) also installed the vulnerable SQL component. I'm wondering if there were more than those two, because it doesn't seem possible the worm should be able to get at so many backoffice machines.

There are at least two ways that this could have gotten through firewalls:
- Port 1434 was left open in a firewall. It might have been intentional (for remote applications that access the SQL server directly) or unintentional (and stupid).
- Because the SQL server was installed on users' computers as part of certain programming environments, someone could easily get their laptop compromised while at home on a cable modem, DSL or dialup line, then connect it to the corporate network inside the firewall. Once it is inside the firewall, it can propagate unchecked.