This whole SQL worm thing has got me in a knot. Not because it ruined a good Saturday afternoon, but because it points out the ineptitude of admins out there.
I’m not talking about the people who didn’t patch their SQL servers. Keeping up with all the Microsoft patches must be hell. No, I’m talking about the people who run the networks.
For fun, I fired up tcpdump on my gateway and looked at the source addresses of the people attacking me. I saw several RFC 1918 addresses – you know them, 10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16. What are they doing on the Internet? Did the admins of the site not block them going outbound, or at least, NAT? How did these packets traverse the backbone?
We live in an insecure world because everyone is pointing their fingers the other way. We complain that we get DOSed, yet we don’t take measures to ensure that we can’t be a launching point for DOS (egress filtering. Look it up.). As much as I think Microsoft puts out buggy software, keeping up to date on patches is not the complete solution.
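To make the two points concrete, here is an added example (not code from the original post): a small Python script that parses tcpdump-style lines, flags any source address inside the three RFC 1918 blocks named above, and emits the iptables egress rules that would have dropped those packets at the sender's border. The capture lines are constructed, not a real trace; 203.0.113.5 stands in for the gateway, and the upstream interface name "eth0" is an assumption.

```python
"""Flag RFC 1918 source addresses in tcpdump output and emit the egress
rules that should have stopped them at the sender's border.

Added example, not the original post's code. The tcpdump lines below are
constructed, not a real capture; the interface name "eth0" is an assumption.
"""
import ipaddress
import re

# The three RFC 1918 private blocks the post names.
RFC1918 = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
]

# Constructed sample in tcpdump's default "IP src.port > dst.port:" format.
# 203.0.113.5 stands in for the gateway; UDP/1434 is the port the SQL worm
# used (a known fact, not stated in the post). 172.32.0.1 is deliberately
# just outside 172.16.0.0/12, so it must NOT be flagged.
SAMPLE_CAPTURE = """\
12:01:03.118822 IP 10.4.17.9.1434 > 203.0.113.5.1434: UDP, length 376
12:01:03.119001 IP 198.51.100.77.1434 > 203.0.113.5.1434: UDP, length 376
12:01:03.120430 IP 192.168.1.50.1434 > 203.0.113.5.1434: UDP, length 376
12:01:03.121110 IP 172.31.200.3.1434 > 203.0.113.5.1434: UDP, length 376
12:01:03.122005 IP 172.32.0.1.1434 > 203.0.113.5.1434: UDP, length 376
12:01:03.123999 IP 8.8.8.8.53 > 203.0.113.5.40001: UDP, length 60
"""

LINE_RE = re.compile(
    r"^\S+ IP (?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+): (?P<proto>\w+)"
)


def parse_line(line):
    """Return (src, sport, dst, dport, proto) or None for unparsable lines."""
    m = LINE_RE.match(line)
    if not m:
        return None
    return (m["src"], int(m["sport"]), m["dst"], int(m["dport"]), m["proto"])


def is_rfc1918(addr):
    """True if addr falls inside one of the RFC 1918 blocks."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)


def private_sources(capture):
    """Source addresses in the capture that should never reach the Internet."""
    hits = []
    for line in capture.splitlines():
        parsed = parse_line(line)
        if parsed and is_rfc1918(parsed[0]):
            hits.append(parsed[0])
    return hits


def egress_rules(upstream_iface="eth0"):
    """iptables FORWARD rules dropping RFC 1918 sources leaving the border.
    The interface name is an assumption; adjust for the real upstream link."""
    return [
        f"iptables -A FORWARD -o {upstream_iface} -s {net} -j DROP"
        for net in RFC1918
    ]


if __name__ == "__main__":
    for src in private_sources(SAMPLE_CAPTURE):
        print(f"private source on the wire: {src}")
    print("\n".join(egress_rules()))
```

Run it as-is to see the three private sources flagged (10.4.17.9, 192.168.1.50 and 172.31.200.3, while 172.32.0.1 passes) and the three drop rules printed; on a real gateway you would feed `tcpdump -n` output into `private_sources` instead of the constructed sample. The rules are the simplest form of the egress filtering the post asks for; the stricter version allows outbound traffic only from your own allocated prefix, and NAT on the border achieves the same end for the private ranges.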
Wake up, people. Filter. Sanity check. Be a good internet neighbour.