But this worm required external access to an internal server (SQL Servers are not front-end ones); even with a bad or no patch management system, this simply wouldn't happen on a properly configured network. Whoever got slammered, has more problems than just this worm. Even with no firewall or screening router, use of RFC1918 private IP address on the SQL Server would have prevented this worm attack
RFC1918 addresses would not have prevented this worm attack. RFC1918 != security Indeed. More accurately though "don't have an SQL server port exposed to
at Thursday, January 30, 2003 12:01 AM, bdragon@gweep.net <bdragon@gweep.net> was seen to say: the general internet you bloody fools" might be closer to the correct advice to customers :) I have been trying *hard* but can't think of a single decent reason a random visitor to a site needs SQL Server access from the outside.