On Mon, 27 Jan 2003, Phil Rosenthal wrote:
Has someone went and hacked the 5000 or so remaining infected hosts that were hackable somehow, and patched/rebooted?
Have you tried sending a UDP 1434 packet through a major Internet core network this weekend? Most of those machines are still blasting away, but the packets are getting dropped. It may be a long time before many of those filters are ever removed. I suspect Monday morning, ISP customer service centers are going to get calls from users asking why they can't access their MS-SQL databases across the Internet. Should ISPs start blocking all Microsoft protocols in self-defense? 135, 137, 138, 139, 322, 349, 445, 507, 522, 568, 569, 593, 612, 613, 691, 1232, 1270, 1433, 1434, 1477, 1478, 1512, 1607, 1711, 1723, 1731, 1745, 1801, 1863, 1895, 1900, 1944, 2106, 2234, 2382, 2383, 2393, 2394, 2460, 2504, 2525, 2701, 2702, 2703, 2704, 2724, 2869, 3020, 3074, 3126, 3132, 3268, 3269, 3343, 3389, 3535, 3544, 3587, 4350, 4500, 5678, 5679, 5720, 6073, 6588, 9753, 11320, 47624, .... Since many of users install database products just for local use, why does the database open up a network port on the initial installation? Wouldn't it be better to ask the user, or only open the network port if its being used? Its not just a Microsoft thing. SYSLOG opened the network port by default, and the user has to remember to disable it for only local logging.