[unisog] Lifting backbone port 1434/udp blocks
paw at noh.ucsd.edu
Wed Jan 29 19:00:59 GMT 2003
It was clear to me back in late July (IIRC) that there might be a
problem with the UDP port - we considered blocking it then
(sigh), but wasn't sure what repercussions it might have on
legitimate activity, and issue got dropped.
We're moving towards a strategy of being *much* more aggressive
with our border blocking.
Network Security Manager
UCSD ACS/Network Operations
paw at ucsd.edu
6F3A AE75 F931 3A19 D207 19F3 DB9B 29DC 2C3F E015
Russell Fulton <r.fulton at auckland.ac.nz> writes:
> On Wed, 2003-01-29 at 11:04, H. Morrow Long wrote:
> > We had a block in for TCP port 1433 before Saturday,
> > but not (unfortuately) a block for UDP port 1434. I
> > anticipate that we'll evaluate keeping the block in,
> > at least for a while.
> Us too.
> This raises another issue. So far I have not found anyone who will
> admit to knowing that the vulnerability could be exploited via UDP or
> even that MS SQL used UDP.
> It would help a lot if vendor advisories included information about
> which firewall ports to block to mitigate the vulnerability. And before
> you ask -- no I don't think that blocking ports is the best way to
> mitigate vulnerabilities -- fixing them is, but is it a useful
> additional line of defense.
> If I had known about the UDP port when MS02-39 was released we would
> have blocked both TCP and UDP ports and would have been saved 16 man
> hours of late night/early morning drama.
> Russell Fulton, Computer and Network Security Officer
> The University of Auckland, New Zealand
> "It aint necessarily so" - Gershwin
More information about the unisog