> But this worm required external access to an internal server (SQL Servers > are not front-end ones); even with a bad or no patch management system, this > simply wouldn't happen on a properly configured network. Whoever got > slammered, has more problems than just this worm. Even with no firewall or > screening router, use of RFC1918 private IP address on the SQL Server would > have prevented this worm attack
RFC1918 addresses would not have prevented this worm attack. RFC1918 != security
