Problem solve Get help with specific problems with your technologies, process and projects.

Ability of firewall/proxy to keep out Slammer worm

We are inside a corporate LAN with our intranet. Our network department has firewalls/proxies between us and the Internet. Some of our internal machines had Sapphire. Does this mean that the firewall/proxy had ports 1433/1434 open to the world I can't get a straight answer from our guys. We always felt safe thinking that our firewall/proxy protected us from stuff like this.

Obviously I don't know the configuration of your firewall, but Sapphire, aka Slammer, uses UDP port 1434. Note that this is not TCP port 1434.

If you are using a Microsoft SQL server behind your corporate firewall that is accessible from outside the firewall, then you definitely had UDP ports 1433/1434 open, because the SQL server will not work without that.

So, to mitigate against this threat, you could have kept your systems up to date with the current patches, or you could have blocked those ports and done without an SQL server. The flaw that was exploited was reported more than six months ago, and patches have been available since then. There really was no reason for any server to be infected.

For more information on this topic, visit these other SearchSecurity.com resources:
Featured Topic: SQL Slammer update
News & Analysis: Experts warn unpatched SQL Servers still susceptible to Slammer
News & Analysis: Initial SQL worm cleanup simple; patching may not be so easy

This was last published in February 2003

Dig Deeper on Malware, virus, Trojan and spyware protection and removal

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.