[unisog] Lifting backbone port 1434/udp blocks

Russell Fulton r.fulton at auckland.ac.nz
Wed Jan 29 00:58:15 GMT 2003


On Wed, 2003-01-29 at 11:04, H. Morrow Long wrote:
> We had a block in for TCP port 1433 before Saturday,
> but not (unfortunately) a block for UDP port 1434. I
> anticipate that we'll evaluate keeping the block in,
> at least for a while.

Us too. 

This raises another issue.  So far I have not found anyone who will
admit to knowing that the vulnerability could be exploited via UDP or
even that MS SQL used UDP.  

It would help a lot if vendor advisories included information about
which firewall ports to block to mitigate the vulnerability.  And before
you ask -- no I don't think that blocking ports is the best way to
mitigate vulnerabilities -- fixing them is, but it is a useful
additional line of defense. 

If I had known about the UDP port when MS02-39 was released we would
have blocked both TCP and UDP ports and would have been saved 16 man
hours of late night/early morning drama.

-- 
Russell Fulton, Computer and Network Security Officer
The University of Auckland,  New Zealand

"It aint necessarily so"  - Gershwin


