[unisog] Lifting backbone port 1434/udp blocks
r.fulton at auckland.ac.nz
Wed Jan 29 00:58:15 GMT 2003
On Wed, 2003-01-29 at 11:04, H. Morrow Long wrote:
> We had a block in for TCP port 1433 before Saturday,
> but not (unfortuately) a block for UDP port 1434. I
> anticipate that we'll evaluate keeping the block in,
> at least for a while.
This raises another issue. So far I have not found anyone who will
admit to knowing that the vulnerability could be exploited via UDP or
even that MS SQL used UDP.
It would help a lot if vendor advisories included information about
which firewall ports to block to mitigate the vulnerability. And before
you ask -- no I don't think that blocking ports is the best way to
mitigate vulnerabilities -- fixing them is, but is it a useful
additional line of defense.
If I had known about the UDP port when MS02-39 was released we would
have blocked both TCP and UDP ports and would have been saved 16 man
hours of late night/early morning drama.
Russell Fulton, Computer and Network Security Officer
The University of Auckland, New Zealand
"It aint necessarily so" - Gershwin
More information about the unisog