Free Republic
Browse · Search
News/Activism
Topics · Post Article

To: danelectro
i don't understand why these servers were able to be accessed from the internet. i saw earlier today other apps (.net programming environment and one other) also installed the vulnerable sql component. i'm wondering if there were more than those two, because it doesn't seem possible the worm should be able to get at so many backoffice machines.

There are at least two ways that this could have gotten through firewalls:

  1. Port 1434 was left open in a firewall. It might have been intentional (for remote applications that access the SQL server directly) or unintentional (and stupid).

  2. Because the SQL server was installed on users' computers as part of certain programming environments, someone could easily get their laptop compromised while at home on a cable modem, DSL or dialup line, then connect it to the corporate network inside the firewall. Once it is inside the firewall, it can propagate unchecked.

28 posted on 01/27/2003 7:28:35 PM PST by justlurking


To: justlurking
There are at least two ways that this could have gotten through firewalls:

i'm really curious now, about the factors that caused this to be such a serious event. i can accept that some places had port 1434 open due to negligence/incompetence. i can accept that some developers' workstations were also vulnerable. i'd like to see how many infected machines were needed to saturate n amount of bandwidth, etc. it's not like nimda, where the iis webserver was installed on many many machines and users weren't aware. only programmers and businesses have ms sql server on their machines.

i'm sure some interesting studies are going to come out of this.

29 posted on 01/27/2003 7:47:30 PM PST by danelectro

To: justlurking
You're right.

Most of the infection got into corporate networks via VPN users......even MS Developers with .Net installed on their PC......and running a split tunnel to the internet.

Once in, it spread like wildfire through the ECommerce infrastructure developed on MSSQL and allowing UDP1434.

Corporate America got a wake-up call like no other before this weekend (LET ME TESTIFY!) and the whole MS and "internet thingy" is under a cloud.

IT pros are fed up with this sh!t.

Two years of hell I tell ya.........the endless patch and upgrade.

39 posted on 01/27/2003 9:57:10 PM PST by Mariner
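
The two entry paths described in posts 28 and 39 (UDP 1434 allowed through the perimeter, and an already-infected laptop or VPN host spreading from inside) leave different traces in flow logs. The following Python is an added example, not part of the thread: it triages constructed flow records, and the six-field log layout, the function name `triage_udp1434`, the 10.0.0.0/8 internal range and the fan-out threshold are all assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed sample flow records in a hypothetical format (not real data):
# time src dst proto dport action
SAMPLE_LOG = """\
2003-01-25T05:31:02 198.51.100.7 10.1.4.20 udp 1434 ALLOW
2003-01-25T05:31:02 198.51.100.7 10.1.4.21 udp 1434 DENY
2003-01-25T05:31:03 10.1.4.20 10.1.9.3 udp 1434 ALLOW
2003-01-25T05:31:03 10.1.4.20 10.1.9.4 udp 1434 ALLOW
2003-01-25T05:31:03 10.1.4.20 203.0.113.50 udp 1434 ALLOW
2003-01-25T05:31:04 10.1.4.20 10.1.200.9 udp 1434 ALLOW
2003-01-25T05:31:04 10.1.7.15 10.1.4.30 udp 1434 ALLOW
2003-01-25T05:31:05 10.1.7.15 10.1.4.30 tcp 1433 ALLOW
"""

def triage_udp1434(log_text, internal_cidr="10.0.0.0/8", fanout_threshold=3):
    """Split UDP/1434 flows into perimeter exposure and internal fan-out."""
    internal = ipaddress.ip_network(internal_cidr)
    exposed = set()            # internal hosts reached from outside on UDP/1434
    fanout = defaultdict(set)  # internal source -> distinct destinations tried
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 6:
            continue  # skip malformed records
        _, src, dst, proto, dport, action = fields
        if proto.lower() != "udp" or dport != "1434":
            continue
        try:
            src_in = ipaddress.ip_address(src) in internal
            dst_in = ipaddress.ip_address(dst) in internal
        except ValueError:
            continue  # skip records with unparsable addresses
        # Path 1: the firewall let an outside sender reach an inside host.
        if not src_in and dst_in and action == "ALLOW":
            exposed.add(dst)
        # Path 2: an inside host sending to many peers, allowed or denied.
        if src_in:
            fanout[src].add(dst)
    scanners = {s: len(d) for s, d in fanout.items() if len(d) >= fanout_threshold}
    return {"exposed": sorted(exposed), "scanners": scanners}

if __name__ == "__main__":
    print(triage_udp1434(SAMPLE_LOG))
```

A host that appears under both keys was reached from outside and is now fanning out; a host that appears only under `scanners` points to the laptop or VPN path rather than a perimeter hole.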
