Talk:SQL Slammer

This article is rated Start-class on Wikipedia's content assessment scale. It is of interest to the following WikiProjects:

Computer Security: Computing Low‑importance This article is within the scope of WikiProject Computer Security, a collaborative effort to improve the coverage of computer security on Wikipedia. If you would like to participate, please visit the project page, where you can join the discussion and see a list of open tasks.Computer SecurityWikipedia:WikiProject Computer SecurityTemplate:WikiProject Computer SecurityComputer Security articles Low This article has been rated as Low-importance on the project's importance scale. This article is supported by WikiProject Computing. Things you can help WikiProject Computer Security with: Article alerts will be generated shortly by AAlertBot. Please allow some days for processing. More information... Answer question about Same-origin_policy Review importance and quality of existing articles Identify categories related to Computer Security Tag related articles Identify articles for creation (see also: Article requests) Identify articles for improvement Create the Project Navigation Box including lists of adopted articles, requested articles, reviewed articles, etc. Find editors who have shown interest in this subject and ask them to take a look here. Computing This article is within the scope of WikiProject Computing, a collaborative effort to improve the coverage of computers, computing, and information technology on Wikipedia. If you would like to participate, please visit the project page, where you can join the discussion and see a list of open tasks.ComputingWikipedia:WikiProject ComputingTemplate:WikiProject ComputingComputing articles ??? This article has not yet received a rating on the project's importance scale.

Under the Impace section, it says, "Yonhap news agency in South Korea reported on the Internet services had been shut down for hours on Saturday, January 25, 2003 nationwide." Should this be "reported that the internet services had been shut down" or "reported on the internet that services had been shut down"? Banaticus 09:10, 5 June 2006 (UTC)[reply]

Frankly, SQL Slammer ruined Mr. Weaver's theory because the worm didn't use permutation scans, partitioned permutation scans or hitlist scans to propagate in 10 minutes. Keep it simple! Gritzko

Is there any reason this article is located at SQL slammer (computer worm) instead of just SQL slammer? Parentheses are for disambiguation, and I don't think there's any ambiguity here. — Jonathan Kovaciny (talk|contribs) 19:48, 11 April 2007 (UTC)[reply]

The beginning of == Technical details == reads:

• "The worm is a small (376 bytes) piece of code that does little other than generate random IP addresses and send itself out to those addresses."
• And the end of the section (which has been mistaken for the discussion page):

"The size of the Worm isn't 376 bytes. The worm sends 376 bytes to UDP port 1434, the SQL Server Resolution Service Port."

I deleted the last sentences and the alleged size in the first sentence. Apokrif 16:31, 20 July 2007 (UTC)[reply]

As to who and when it was first publically detected you might want to look here http://www.dslreports.com/forum/remark,5771929 —Preceding unsigned comment added by 96.51.228.164 (talk) 20:23, 28 April 2011 (UTC)[reply]

It is simplistic to the point of misleading to state "a patch had been released six months earlier in MS02-039". Do we want to tell more of the patch history?

The first patch to fix the Slammer vulnerability was issued on 24 July 2002. Additional Security Bulletins came in August and October, when it was discovered that another package of patches to the same database programs made them worse. A patch to fix the new problem came on 9 October, but fully installing it would reopen the vulnerability to Slammer -- an old, vulnerable module had been included in the fix. 16 October brought a patch that actually patched Slammer, but now the other problem was forgotten. The sixth shot was the charm: a preliminary pack of patches issued in December 2002 got both problems right, along with 188 other bugs in the 7th version of SQL Server. Systems Administrators were told, "Microsoft DOES NOT support the use of this build in your production environments. It is being provided for testing purposes, such that you have the opportunity to uncover issues/concerns . . ." Doubtless some waited until that pack stabilized on 4 January 2003, or until the first easy-to-install patch addressing just these two vulnerabilities was issued. That was 26 January, just after Slammer struck.

Decide for yourself whether the patch was released 6 months before the attack or the day after. David Litchfield, an independent researcher, discovered Microsoft's Slammer vulnerability and contacted the company on 16 May 2002 (see http://www.derkeiler.com/Mailing-Lists/NT-Bugtraq/2002-06/0014.html), so throw in the 2+ months it took Microsoft to make any public move when you add up the nation's total response delay.

Microsoft expressed doubts about Mr. Litchfield's claims and made no response to the danger until Mr. Litchfield presented his findings publicly at the Blackhat Security Briefings in July 2002.
Jerry-va (talk) 14:01, 10 April 2010 (UTC)[reply]