| Thread ID: 84678 | 2007-11-14 20:24:00 | Wide Open Databases | SurferJoe46 (51) | PC World Chat |
| Post ID | Timestamp | Content | User | ||
| 611507 | 2007-11-14 20:24:00 | A half a million database servers are without any firewall protection according to security researcher David Litchfield. (www.techworld.com/security/news/index.cfm?newsid=10647&email) NGSSoftware managing director, Litchfield took a look at just over 1 million randomly generated Internet Protocol [IP] addresses, checking them to see if he could access them on the IP ports reserved for Microsoft SQL Server or Oracle's database. The results? He found 157 SQL servers and 53 Oracle servers. Litchfield then relied on known estimates of the number of systems on the Internet to arrive at his conclusion: "There are approximately 368,000 Microsoft SQL Servers ... and about 124,000 Oracle database servers directly accessible on the Internet," he wrote in his report, due to be made public next week. |
SurferJoe46 (51) | ||
| 611508 | 2007-11-14 23:37:00 | Don't forget home PCs are sometimes running servers; there was a worm some years ago that exploited that in a big way, especially as some OSes (W2K?) also install SQL by default. | tweak'e (69) | ||
| 611509 | 2007-11-15 00:17:00 | Depends on what they mean by "without firewall". Web hosting companies etc. often open up their shared database servers so they can be connected to from anywhere in the world, and not just within their datacentre. | somebody (208) | ||
| 611510 | 2007-11-15 01:00:00 | In my opinion that article was so much FUD - all that was tested was whether those ports were open, not whether there was actually something insecure on the other end of it - if, in fact, it was even a database listening. Just because something listens on port 3306 doesn't automatically mean there is an unsecured or unpatched MySQL server there - as an example, I run openvpn on port 110 (the default port for POP3). |
Erayd (23) | ||
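
Erayd's distinction between an open port and an actual database, applied as a check an administrator can run on their own host; this is an added example, not part of the thread. It reads listener lines in the layout of `ss -H -ltnp` output and separates database ports bound beyond loopback by a database process from ports that merely match by number; the sample lines, process names and verdict labels are constructed assumptions, and 1433 and 1521 are the SQL Server and Oracle listener defaults.

```python
import ipaddress
import re

# Default port -> (product, process names expected to own it).
# Process names are assumptions for this example; adjust to the local install.
DB_PORTS = {
    1433: ("Microsoft SQL Server", {"sqlservr"}),
    1521: ("Oracle", {"tnslsnr"}),
    3306: ("MySQL", {"mysqld", "mariadbd"}),
}

# Constructed sample in the layout of `ss -H -ltnp` output (not real data).
SAMPLE = """\
LISTEN 0 128 0.0.0.0:1433 0.0.0.0:* users:(("sqlservr",pid=812,fd=44))
LISTEN 0 128 127.0.0.1:1521 0.0.0.0:* users:(("tnslsnr",pid=1200,fd=9))
LISTEN 0 32 [::]:3306 [::]:* users:(("openvpn",pid=733,fd=6))
LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=650,fd=3))
"""

def is_loopback(host):
    # ss prints IPv6 in brackets, may append %interface, and uses * for "any".
    host = host.strip("[]").split("%")[0]
    if host == "*":
        return False
    return ipaddress.ip_address(host).is_loopback

def audit(ss_output):
    """Return (port, product, process, verdict) for non-loopback DB-port listeners."""
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        host, _, port = fields[3].rpartition(":")
        if not port.isdigit() or int(port) not in DB_PORTS:
            continue
        if is_loopback(host):
            continue  # reachable only from the host itself
        product, expected = DB_PORTS[int(port)]
        match = re.search(r'users:\(\("([^"]+)"', line)
        proc = match.group(1) if match else "unknown"
        # A port number alone proves nothing: confirm which process owns it.
        verdict = "exposed database" if proc in expected else "port match only"
        findings.append((int(port), product, proc, verdict))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```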