The MS-SQL worm: lessons for free software

Posted Feb 6, 2003 9:20 UTC (Thu) by AnswerGuy (subscriber, #1256)
Parent article: The MS-SQL worm: lessons for free software

I've written a few thoughts on my MoinWiki pages on how the Internet can be substantially hardened from these sorts of attacks with minimal technical development.

Egress filtering and connection rate limiting (at border ISP routers) could accomplish most of the work.

Of course, it's not that simple, and the social issues overwhelm us immediately.

JimD


The MS-SQL worm: lessons for free software

Posted Feb 6, 2003 17:58 UTC (Thu) by pflugstad (subscriber, #224)

Note that in order for connection rate limiting to have helped in the case of SQL Slammer, it would have had to limit UDP packets, as SQL Slammer used UDP. Not impossible, but unlikely.

I totally agree with you otherwise.

On a separate note, the major reason SQL Slammer propagated as fast as it did was because it was UDP based. This let each infected host send probes to 100's or even 1000's of IP addresses each SECOND. It didn't have to wait for the normal TCP 3-way handshake to go on, dramatically increasing its ability to spread.

Pete
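
The UDP case raised in this thread, as an added example that is not part of either comment: a per-source egress limiter that treats the first datagram to each new destination as a "connection", since UDP offers no handshake to count. The class name, the rate, burst and timeout values, and the traffic are all constructed for illustration.

```python
import ipaddress
from collections import defaultdict

class UdpFanoutLimiter:
    """Per-source token bucket charged once per new UDP destination.

    UDP has no handshake to count, so a "connection" here is the first
    datagram from a source to a peer it has not sent to within flow_ttl
    seconds. rate, burst and flow_ttl are illustrative, not recommendations.
    """
    def __init__(self, rate=5.0, burst=20.0, flow_ttl=30.0):
        self.rate, self.burst, self.flow_ttl = rate, burst, flow_ttl
        self.tokens = defaultdict(lambda: burst)  # src -> tokens available
        self.stamp = {}                           # src -> time of last refill
        self.flows = {}                           # (src, dst) -> last seen

    def allow(self, ts, src, dst):
        # Refill this source's bucket for the time since its last datagram.
        elapsed = ts - self.stamp.get(src, ts)
        self.stamp[src] = ts
        self.tokens[src] = min(self.burst, self.tokens[src] + elapsed * self.rate)
        # Datagrams to a recently contacted peer are free.
        last = self.flows.get((src, dst))
        if last is not None and ts - last <= self.flow_ttl:
            self.flows[(src, dst)] = ts
            return True
        if self.tokens[src] < 1.0:
            return False  # new peer, bucket empty: drop at the border
        self.tokens[src] -= 1.0
        self.flows[(src, dst)] = ts  # a real filter would also expire entries
        return True

def simulate():
    """Run one second of constructed egress traffic; return {src: [passed, dropped]}."""
    scanner, client = "192.0.2.10", "192.0.2.20"  # documentation addresses
    base = ipaddress.IPv4Address("198.18.0.0")    # benchmarking range
    # Scanner: 1000 datagrams, each to a different address.
    packets = [(i / 1000.0, scanner, str(base + i)) for i in range(1000)]
    # Client: 50 datagrams, all to the same resolver.
    packets += [(i / 50.0, client, "192.0.2.53") for i in range(50)]
    limiter = UdpFanoutLimiter()
    result = {scanner: [0, 0], client: [0, 0]}
    for ts, src, dst in sorted(packets):
        result[src][0 if limiter.allow(ts, src, dst) else 1] += 1
    return result

if __name__ == "__main__":
    print(simulate())
```

With these constructed inputs the host that fans out to a thousand addresses gets only its initial burst plus the refill through, while the host talking to a single resolver is never throttled.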

Copyright © 2008, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.