Wake up, ISPs!
This whole SQL worm thing has got me in a knot. Not because it ruined a good Saturday afternoon, but because it points out the ineptitude of admins out there.
I’m not talking about the people who didn’t patch their SQL servers. Keeping up with all the Microsoft patches must be hell. No, I’m talking about the people that run the networks.
For fun, I fired up tcpdump on my gateway and looked at the source addresses of the people attacking me. I saw several RFC 1918 addresses — you know them, 10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16. What are they doing on the Internet? Did the admins of the site not block them going outbound, or at least, NAT? How did these packets traverse the backbone?
We live in an insecure world because everyone is pointing their fingers the other way. We complain that we get DOSed, yet we don’t take measures to ensure that we can’t be a launching point for DOS (Egress filtering. Look it up.) As much as I think Microsoft puts out buggy software, keeping up to date on patches is not the complete solution.
Wake up, people. Filter. Sanity check. Be a good internet neighbour.
perhaps you should point people in the direction of how to be informed, RFC 2827 and RFC 1918 filtering.
January 27th, 2003 at 10:43 amPeople should not use SQL Server. Its not scalable
or secure and its expensive. For VLDB/VLDW implementations
its a rule out and there are enough free alternatives
that are proven on the lower end.
Take Care
Sanjay
February 3rd, 2003 at 10:00 pm