[unisog] Lifting backbone port 1434/udp blocks

Pat Wilson paw at noh.ucsd.edu
Wed Jan 29 19:00:59 GMT 2003


It was clear to me back in late July (IIRC) that there might be a
problem with the UDP port - we considered blocking it then
(sigh), but weren't sure what repercussions it might have on
legitimate activity, and the issue got dropped.

We're moving towards a strategy of being *much* more aggressive
with our border blocking.

Pat Wilson
Network Security Manager
UCSD ACS/Network Operations
paw at ucsd.edu
6F3A AE75 F931 3A19 D207 19F3 DB9B 29DC 2C3F E015

Russell Fulton <r.fulton at auckland.ac.nz> writes:
>  On Wed, 2003-01-29 at 11:04, H. Morrow Long wrote:
>  > We had a block in for TCP port 1433 before Saturday,
>  > but not (unfortunately) a block for UDP port 1434. I
>  > anticipate that we'll evaluate keeping the block in,
>  > at least for a while.
>  
>  Us too. 
>  
>  This raises another issue.  So far I have not found anyone who will
>  admit to knowing that the vulnerability could be exploited via UDP or
>  even that MS SQL used UDP.  
>  
>  It would help a lot if vendor advisories included information about
>  which firewall ports to block to mitigate the vulnerability.  And before
>  you ask -- no I don't think that blocking ports is the best way to
>  mitigate vulnerabilities -- fixing them is, but it is a useful
>  additional line of defense. 
>  
>  If I had known about the UDP port when MS02-39 was released we would
>  have blocked both TCP and UDP ports and would have been saved 16 man
>  hours of late night/early morning drama.
>  
>  -- 
>  Russell Fulton, Computer and Network Security Officer
>  The University of Auckland,  New Zealand
>  
>  "It aint necessarily so"  - Gershwin


