Ask the Expert

Ability of firewall/proxy to keep out Slammer worm

We are inside a corporate LAN with our intranet. Our network department has firewalls/proxies between us and the Internet. Some of our internal machines had Sapphire. Does this mean that the firewall/proxy had ports 1433/1434 open to the world I can't get a straight answer from our guys. We always felt safe thinking that our firewall/proxy protected us from stuff like this.

    Requires Free Membership to View

Obviously I don't know the configuration of your firewall, but Sapphire, aka Slammer, uses UDP port 1434. Note that this is not TCP port 1434.

If you are using a Microsoft SQL server behind your corporate firewall that is accessible from outside the firewall, then you definitely had UDP ports 1433/1434 open, because the SQL server will not work without that.

So, to mitigate against this threat, you could have kept your systems up to date with the current patches, or you could have blocked those ports and done without an SQL server. The flaw that was exploited was reported more than six months ago, and patches have been available since then. There really was no reason for any server to be infected.


For more information on this topic, visit these other SearchSecurity.com resources:
Featured Topic: SQL Slammer update
News & Analysis: Experts warn unpatched SQL Servers still susceptible to Slammer
News & Analysis: Initial SQL worm cleanup simple; patching may not be so easy


This was first published in February 2003

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: