LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 23, 2013

An "enum" for Python 3

An unexpected perf feature

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Don't ignore network level filtering

Don't ignore network level filtering

Posted Jan 30, 2003 10:05 UTC (Thu) by beejaybee (guest, #1581)
In reply to: Don't ignore network level filtering by jneves
Parent article: A look at the MS-SQL worm

Yeah. Nessus has been identifying the expolit for ages; despite at least three rounds of warnings, there were still some systems at my employer's site which weren't patched. I would estimate around 50% of the (not very many) hosts running MS-SQL-S were patched.

We had the foresight to filter incoming UDP on almost all ports at our site router and therefore were not directly hit by the outbreak.

Another point here - it's obvious that a high proportion of the sysadmins of the hosts running MS-SQL-S were not even aware that the service was running. Disabling services that aren't essential is as much a part of securing a system as keeping up to date with patches. This applies to _all_ operating systems; many out-of-the-box linux systems are also running services they don't need to; Solaris systems seem to be totally infested with a huge raft of RPC services, many of which are a complete mystery to almost everyone!

(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds