[unisog] MS-SQL Zombie DDoS

Valdis.Kletnieks at vt.edu Valdis.Kletnieks at vt.edu
Tue Jan 28 15:56:59 GMT 2003


On Tue, 28 Jan 2003 08:59:22 CST, Steve Drees <drees at rangebroadband.com>  said:

> Most likely yes. Unless you are behind a NATed firewall with RFC1918 IP
> addresses internally.

Umm.. actually... relying on NAT as a security feature is overrated.

*THIS* worm doesn't have the ability to traverse a NAT.  This doesn't mean
that just having a NAT makes you secure....

And of course, if you told the firewall to pass traffic for 1434 to the
NAT'ed address, all bets are off - and I'm willing to bet that a *LOT*
of people do that so road-warrior employees can connect....

-- 
				Valdis Kletnieks
				Computer Systems Senior Engineer
				Virginia Tech

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 226 bytes
Desc: not available
Url : http://www.dshield.org/pipermail/unisog/attachments/20030128/1967763c/attachment-0007.bin


More information about the unisog mailing list