http://www.ISAserver.org
-------------------------------------------------------

Glenn,

I am a very small business and would cringe and hate myself for pushing a client away.

I would run away from this one.

John T
eServices For You

"Seek, and ye shall find!"

> -----Original Message-----
> From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Glenn P. JOHNSTON
> Sent: Thursday, July 13, 2006 3:00 AM
> To: isalist@xxxxxxxxxxxxx
> Subject: [isalist] Re: File Sharing on the internet
>
> Oh Boy, I am dropping this one like a hot potato.
>
> Based on my comments earlier that it's stupid to open the SQL to the internet, they want to start something against the software developer and not pay him.
>
> -----Original Message-----
> From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of John T (Lists)
> Sent: Thursday, 13 July 2006 18:07
> To: isalist@xxxxxxxxxxxxx
> Subject: [isalist] Re: File Sharing on the internet
>
> Sorry I did not see this earlier Glenn.
>
> Why do they want white papers telling them this is a bad idea when they already have the proof in front of them in the form of a compromised server?
>
> Simply going a-Googling for SQL attack will turn up plenty of information.
>
> http://www.gcn.com/print/22_4/21214-1.html
> http://www.securitydocs.com/library/3587
>
> I mean, the list is long.
>
> John T
> eServices For You
>
> "Seek, and ye shall find!"
>
> > -----Original Message-----
> > From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Glenn P. JOHNSTON
> > Sent: Wednesday, July 12, 2006 10:46 PM
> > To: isalist@xxxxxxxxxxxxx
> > Subject: [isalist] File Sharing on the internet
> >
> > Hi,
> >
> > A company I do support work for on 'Dial a techie' basis, has had a contractor write some software that needs to access a database on the company's server. He rolled this out onto the 28 sales PCs last week.
> >
> > He has just opened port 1433TCP and 1434UDP on the firewall to allow SQL based authentications from client PCs out on the internet to access the server. It appears that someone has already hacked into the DB, some tables are empty, others corrupted, SQL logs show a lot of connections, far more so than can be explained by legitimate connections.
> >
> > This of course is a very bad idea, but the company wants some details and white papers or the like that detail why. This has all blown up in the last hour and a half, and I need something to get back to them with tomorrow.
> >
> > If anyone has any suggestions of white papers etc that might be appropriate, they would be much appreciated.
> > ------------------------------------------------------
> > List Archives: //www.freelists.org/archives/isalist/
> > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> > ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/
> > ISA Server Blogs: http://blogs.isaserver.org/
> > ------------------------------------------------------
> > Visit TechGenix.com for more information about our other sites:
> > http://www.techgenix.com
> > ------------------------------------------------------
> > To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
> > Report abuse to listadmin@xxxxxxxxxxxxx