Talk:SQL Slammer

From Wikipedia, the free encyclopedia
Jump to navigation Jump to search
WikiProject Computer Security / Computing  (Rated Start-class, Low-importance)
WikiProject iconThis article is within the scope of WikiProject Computer Security, a collaborative effort to improve the coverage of computer security on Wikipedia. If you would like to participate, please visit the project page, where you can join the discussion and see a list of open tasks.
Start-Class article Start  This article has been rated as Start-Class on the project's quality scale.
 Low  This article has been rated as Low-importance on the project's importance scale.
Taskforce icon
This article is supported by WikiProject Computing.
 
WikiProject Computing (Rated Start-class)
WikiProject iconThis article is within the scope of WikiProject Computing, a collaborative effort to improve the coverage of computers, computing, and information technology on Wikipedia. If you would like to participate, please visit the project page, where you can join the discussion and see a list of open tasks.
Start-Class article Start  This article has been rated as Start-Class on the project's quality scale.
 ???  This article has not yet received a rating on the project's importance scale.
 

Under the Impace section, it says, "Yonhap news agency in South Korea reported on the Internet services had been shut down for hours on Saturday, January 25, 2003 nationwide." Should this be "reported that the internet services had been shut down" or "reported on the internet that services had been shut down"? Banaticus 09:10, 5 June 2006 (UTC)

Frankly, SQL Slammer ruined Mr. Weaver's theory because the worm didn't use permutation scans, partitioned permutation scans or hitlist scans to propagate in 10 minutes. Keep it simple! Gritzko

Is there any reason this article is located at SQL slammer (computer worm) instead of just SQL slammer? Parentheses are for disambiguation, and I don't think there's any ambiguity here. — Jonathan Kovaciny (talk|contribs) 19:48, 11 April 2007 (UTC)

Size of the worm[edit]

The beginning of == Technical details == reads:

  • "The worm is a small (376 bytes) piece of code that does little other than generate random IP addresses and send itself out to those addresses."
  • And the end of the section (which has been mistaken for the discussion page):

"The size of the Worm isn't 376 bytes. The worm sends 376 bytes to UDP port 1434, the SQL Server Resolution Service Port."

I deleted the last sentences and the alleged size in the first sentence. Apokrif 16:31, 20 July 2007 (UTC)

As to who and when it was first publically detected you might want to look here http://www.dslreports.com/forum/remark,5771929 —Preceding unsigned comment added by 96.51.228.164 (talk) 20:23, 28 April 2011 (UTC)

Many patching delays and missteps[edit]

It is simplistic to the point of misleading to state "a patch had been released six months earlier in MS02-039". Do we want to tell more of the patch history?

The first patch to fix the Slammer vulnerability was issued on 24 July 2002. Additional Security Bulletins came in August and October, when it was discovered that another package of patches to the same database programs made them worse. A patch to fix the new problem came on 9 October, but fully installing it would reopen the vulnerability to Slammer -- an old, vulnerable module had been included in the fix. 16 October brought a patch that actually patched Slammer, but now the other problem was forgotten. The sixth shot was the charm: a preliminary pack of patches issued in December 2002 got both problems right, along with 188 other bugs in the 7th version of SQL Server. Systems Administrators were told, "Microsoft DOES NOT support the use of this build in your production environments. It is being provided for testing purposes, such that you have the opportunity to uncover issues/concerns . . ." Doubtless some waited until that pack stabilized on 4 January 2003, or until the first easy-to-install patch addressing just these two vulnerabilities was issued. That was 26 January, just after Slammer struck.

Decide for yourself whether the patch was released 6 months before the attack or the day after. David Litchfield, an independent researcher, discovered Microsoft's Slammer vulnerability and contacted the company on 16 May 2002 (see http://www.derkeiler.com/Mailing-Lists/NT-Bugtraq/2002-06/0014.html), so throw in the 2+ months it took Microsoft to make any public move when you add up the nation's total response delay.

Microsoft expressed doubts about Mr. Litchfield's claims and made no response to the danger until Mr. Litchfield presented his findings publicly at the Blackhat Security Briefings in July 2002.
Jerry-va (talk) 14:01, 10 April 2010 (UTC)