On Sat, 25 Jan 2003, Alex Rubenstein wrote:
Including the developers of SSHD, HTTPD, NAMED, CVS?
How about Linus? Wanna call him up?
I am no windows cheerleader, but to think this is something that happens only in windows-land is whack -- might as well put your head in the sand.
It is interesting to note that one inadvertent advantage of open source (when it requires people to compile from source, and pick and choose options at compile time... popular distributions with precompiled packages obviously break this to a certain degree) is that it leads to a much more heterogeneous set of software WRT attacks like buffer overflows. Contrast this to something that is compiled once (or a small handful of times) by the vendor, resulting in a much more predictable environment for many types of exploits. There have been several worms that have demonstrated this difference. [...]
Also, everyone who just posted to this list made it abundantly clear that they don't have a firewall in front of at least one MS SQL server on their network. Should you really have port 1433/4 open to the world? Would you do this with a MySQL server?
It is interesting to note that apparently Windows NT and 2000 systems default to a somewhat dated and limited ephemeral port range of 1024-5000 (cf. ms kb article 196271). If you are blocking traffic on a variety of inbound UDP ports in that range using a simple packet filter, you will randomly be blocking responses to legitimate outbound UDP traffic, such as DNS. Granted, in many environments there is no need to allow MS systems to directly make DNS queries to anything outside the firewall. There are quite disturbing reports of hosts such as activex.microsoft.com, lawsqlsrv2.hotmail.com, etc. sourcing these packets (i.e. appearing to be infected), but they need to be taken with a grain of salt. It is certainly possible that places who have hosts that are otherwise firewalled (that's ok, don't need to patch them...) aren't properly filtering UDP since it is harder to do properly if you require support for UDP traffic.
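The collateral-damage problem described in the post (a stateless inbound UDP block on 1433/1434 silently eating DNS replies to a Windows host whose ephemeral port happens to be 1434) can be shown with a small simulation. This is an added example, not code from the original thread; the addresses, the blocked-port set and the three sample packets are constructed, and the stateful filter is a minimal model of connection tracking, not any particular firewall's implementation.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    inbound: bool  # True when the packet arrives from outside the firewall

# Constructed sample addresses (documentation ranges, not real hosts).
WIN_HOST = "192.0.2.10"      # Windows 2000 box, ephemeral ports 1024-5000
RESOLVER = "198.51.100.53"   # external DNS resolver
OUTSIDER = "203.0.113.7"     # arbitrary external host

# Constructed traffic: a DNS query whose ephemeral source port happens to be
# 1434, the matching reply, and an unsolicited probe at UDP/1434.
SAMPLE = [
    Packet(WIN_HOST, 1434, RESOLVER, 53, inbound=False),   # DNS query
    Packet(RESOLVER, 53, WIN_HOST, 1434, inbound=True),    # legitimate reply
    Packet(OUTSIDER, 4000, WIN_HOST, 1434, inbound=True),  # unsolicited probe
]

# The "simple packet filter" from the post: block inbound UDP by destination port.
BLOCKED_INBOUND_UDP = {1433, 1434}

def stateless_filter(packets, blocked=BLOCKED_INBOUND_UDP):
    """Stateless filter: one verdict per packet, based only on direction and dst port."""
    verdicts = []
    for p in packets:
        if p.inbound and p.dport in blocked:
            verdicts.append("DROP")
        else:
            verdicts.append("ACCEPT")
    return verdicts

def stateful_filter(packets):
    """Minimal connection tracking: inbound UDP is accepted only if it is the
    reverse of an outbound flow already seen; everything else inbound is dropped."""
    flows = set()
    verdicts = []
    for p in packets:
        if not p.inbound:
            flows.add((p.src, p.sport, p.dst, p.dport))
            verdicts.append("ACCEPT")
        elif (p.dst, p.dport, p.src, p.sport) in flows:
            verdicts.append("ACCEPT")
        else:
            verdicts.append("DROP")
    return verdicts

def collision_fraction(blocked=BLOCKED_INBOUND_UDP, lo=1024, hi=5000):
    """Fraction of the ephemeral range [lo, hi] that falls inside the blocked set,
    i.e. the share of outbound UDP queries whose replies a stateless block will
    discard if the OS picks ephemeral ports uniformly from that range."""
    ephemeral = range(lo, hi + 1)
    hit = sum(1 for port in ephemeral if port in blocked)
    return hit / len(ephemeral)

if __name__ == "__main__":
    for name, fn in (("stateless", stateless_filter), ("stateful", stateful_filter)):
        print(name, list(zip([p.dport for p in SAMPLE], fn(SAMPLE))))
    print("replies lost per query (stateless):", collision_fraction())
```

The stateless rule set cannot tell the resolver's reply from the probe, since both arrive at UDP/1434, so it drops both; the stateful one accepts the reply because it matches the outbound query and still drops the probe. With the 1024-5000 default the loss looks like random DNS flakiness rather than a firewall fault, which is why the post's caveat about UDP being harder to filter properly matters.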