Q

Ability of firewall/proxy to keep out Slammer worm

We are inside a corporate LAN with our intranet. Our network department has firewalls/proxies between us and the Internet. Some of our internal machines had Sapphire. Does this mean that the firewall/proxy had ports 1433/1434 open to the world I can't get a straight answer from our guys. We always felt safe thinking that our firewall/proxy protected us from stuff like this.

Obviously I don't know the configuration of your firewall, but Sapphire, aka Slammer, uses UDP port 1434. Note that this is not TCP port 1434.

If you are using a Microsoft SQL server behind your corporate firewall that is accessible from outside the firewall, then you definitely had UDP ports 1433/1434 open, because the SQL server will not work without that.

So, to mitigate against this threat, you could have kept your systems up to date with the current patches, or you could have blocked those ports and done without an SQL server. The flaw that was exploited was reported more than six months ago, and patches have been available since then. There really was no reason for any server to be infected.


For more information on this topic, visit these other SearchSecurity.com resources:
Featured Topic: SQL Slammer update
News & Analysis: Experts warn unpatched SQL Servers still susceptible to Slammer
News & Analysis: Initial SQL worm cleanup simple; patching may not be so easy


This was first published in February 2003

Dig deeper on Malware, Viruses, Trojans and Spyware

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close