Re: Problem accessing Exchange Server remotely using Outlook

  • From: "Craig Weil" <craig_weil@xxxxxxxxxxx>
  • To: "[ExchangeList]" <exchangelist@xxxxxxxxxxxxx>
  • Date: Thu, 14 Aug 2003 21:18:18 -0700

Thanks for the insight Jamie, you've definitely given me something to 
think about.  Everything I've read online about port 135 doesn't lead me to 
believe they'll be turning it back on soon.  Do you know for certain that they 
will or is that pretty much status quo?  I've been told that you can run DCOM 
over HTTP.  Is that an alternative for those seeking to run a domain across a 
WAN where they need user authentication without VPNs at all locations?

  ----- Original Message ----- 
  From: Jamie A. Byrnes 
  To: [ExchangeList] 
  Sent: Thursday, August 14, 2003 5:32 PM
  Subject: [exchangelist] Re: Problem accessing Exchange Server remotely using 


  Hi Guys,

  Sorry to butt in, but I think some of you are missing an important point.

  Firstly, the blaster worm (which I was fortunate enough to be blessed with) 
attacks the DCOM service utilizing the RPC protocol. This seems easy enough, 
but note that IN THIS CASE it is the DCOM service that is vulnerable, RPC is 
simply the carrying protocol. The point is however that RPC (on port 135) can 
be used to get to a number of other services directly and therefore should 
NEVER be accessible from the dirty side of the firewall - EVER! If you want to 
use IMAP services remotely you should always be using a VPN. OWA was invented 
for those who don't want to, or can't use VPNs.

  How did I get infected then you might ask? One of those "CEO thinks personal 
firewall on his laptop is stopping his net so disables it, infects laptop, 
brings to work and plugs in" jobs. Some things you just can't stop...

  But back to Craig's problem. ISPs at the start of the year, for the first time 
ever, concertedly blocked the SQL port used by slammer in the belief that no 
organization should be running that service across the net, and it would stop 
slammer. Worked great, until they turned it off. They're now doing the same for 
blaster, but only for a few days. Consider it a grace period to get your house 
in order. MSBA is a good place to start, or pay for something better if you can 
afford it.

  I recommend the NTBUGTRAQ list for learning more about these vulnerabilities 
as they arrive - about half of the vulnerabilities affecting MS products are 
first disclosed there. And as Russ Cooper, moderator of the list says, default 
deny is the golden rule of connecting to the net.


    -----Original Message-----
    From: Craig Weil [mailto:craig_weil@xxxxxxxxxxx] 
    Sent: Friday, 15 August 2003 9:17 AM
    To: [ExchangeList]
    Subject: [exchangelist] Re: Problem accessing Exchange Server remotely using Outlook

    Thanks for the info Steve,

    Turns out that the patch we used doesn't block port 135, but SBC, Cox 
Communications, and perhaps thousands of independent ISPs have now blocked port 
135 traffic from their bandwidth.  That is the root of our evil anyway.  Looks 
like I'll be spending some time discovering how to run IMAP across multiple 
      ----- Original Message ----- 
      From: Steve Moffat 
      To: [ExchangeList] 
      Sent: Thursday, August 14, 2003 3:24 PM
      Subject: [exchangelist] Re: Problem accessing Exchange Server remotely using Outlook

      The patch blocks port 135...:((



