
 
From: Schmehl, Paul L (pauls_at_UTDALLAS.EDU)
Date: Sun Jan 26 2003 - 11:06:20 CST


    A lot of assumptions have been made, due to this crisis, about the laziness or even incompetence of network admins. Frankly, they've gotten me quite irritated. The blame for this mess falls squarely on the shoulders of Microsoft (for writing crappy software) and the perpetrator(s) who wrote and released this worm.

    People have speculated, "Why would someone open up port 1434 to the Internet?" "Why wouldn't admins patch their boxes in a timely manner?"

    The latter question is easily answered by the partial list that Russ provided. In some cases, admins didn't even *know* that SQL was running on a box, because it was some other app entirely. Who would have thought, for example, that Visio used SQL?

    The former question is naïve. Try working in education for a while. Most don't have firewalls, and if they do, the policy is close what you know is bad, not open what you know is safe. You may rest assured that most of edu now has port 1434/UDP closed and has a good strong argument for keeping it that way.

    If you really just feel compelled to blame the victims in this mess, blame the administrators/CEOs who wilt under political pressure and refuse to implement good strong security measures. A lot of us have been fighting this battle for a while now, and we will continue to, but we are swimming against a tide of tradition from a position of no power.

    Just because your little domain with three Linux boxes is immune to attack doesn't mean you have any comprehension of what it takes to "admin" a network of tens of thousands of computers, most of which you have no control over, and many of which have default installs because the "owners" aren't even aware that's a problem.

    Paul Schmehl (paulsutdallas.edu)
    Adjunct Information Security Officer
    The University of Texas at Dallas
    http://www.utdallas.edu/~pauls/
    AVIEN Founding Member

    oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
    Delivery co-sponsored by TruSecure Corporation
    oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo