Slammer Lessons

By Lisa Vaas  |  Posted 2004-04-20

At any rate, the feedback I'm getting is that, luckily, people learned their lesson from Slammer. As former PASS (Professional Association for SQL Server) board of directors member Brian Knight said to me, it was a hard lesson for many companies, but Slammer did cause them to lock down port 1433 via firewalls to Internet traffic. Knight is president and chief database architect of Fidelity National Financial, in Jacksonville, Fla. John Pescatore, vice president and research director of Internet security for Gartner Inc., backed up what Knight told me. Gartner has seen that Slammer caused a lot of enterprises to clean up their acts around port 1433 and SQL Server, Pescatore said. If Phatbot goes after port 1433 and SQL Server, it will find far fewer targets than when Slammer was around. So for that, Slammer, you get a very begrudging thank-you.
That doesn't let database security watchers off the hook entirely, though. A bigger issue is that it's not just SQL Server that uses those ports and is vulnerable via them. The MSDE (Microsoft SQL Server Desktop Engine) tools randomly access various ports, but very often port 1433 is what the software uses.
Now, MSDE often winds up on PCs as part of third-party products such as project-management suites or Visual Studio, and many enterprises aren't even aware it's there, particularly since MSDE isn't a big resource hog. MSDE was also a problem back when enterprises were scrambling to clean up after Slammer. Knight told me that while patching some 350 SQL Server installations, he uncovered another 115 MSDE boxes that he hadn't known existed and subsequently had to patch. Obviously, MSDE sits on systems like a time bomb, making it imperative that enterprises make sure network firewalls and personal firewalls block those ports whenever possible.

Do your business a favor: Do some vulnerability scanning. Make sure there are no MSDE components listening on those ports. You can't change what port MSDE accesses, so you'll have to block it at the firewall level. If you haven't uncovered your MSDE time bombs already, do it now. Don't let a potential Phatbot variant or any other port 1433 exploit pull another Slammer on us.

Editor's Note: This story was changed from its original posting to correct Brian Knight's title.

Lisa Vaas is News Editor/Operations for and also serves as editor of the Database topic center. Since 1995, she has also been a Webcast news show anchorperson and a reporter covering the IT industry. She has focused on customer relationship management technology, IT salaries and careers, effects of the H1-B visa on the technology workforce, wireless technology, security, and, most recently, databases and the technologies that touch upon them. Her articles have appeared in eWEEK's print edition, on, and in the startup IT magazine PC Connection. Prior to becoming a journalist, Vaas experienced an array of eye-opening careers, including driving a cab in Boston, photographing cranky babies in shopping malls, selling cameras, typography and computer training. She stopped a hair short of finishing an M.A. in English at the University of Massachusetts in Boston. She earned a B.S. in Communications from Emerson College. She runs two open-mic reading series in Boston and currently keeps bees in her home in Mashpee, Mass.
