Re: Blocking w32.blaster.worm?
- From: "Greg Mulholland" <gmulholland@xxxxxxxxxxxxxxx>
- To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
- Date: Wed, 13 Aug 2003 15:39:41 +1000
Jim I thought of you when I heard this. I was enjoying a day off work,
doing some cleaning of the garage, when listening to the radio they
asked "computer experts" to ring in and explain how to fix this worm
problem. Well the "experts" the got were a 14 year old kid who said
unscrew the HDD and something else ridiculous. A guy from some stupid
company saying do such and such and finally a lady who called herself
"fairly computer literate" which actually means she knows sweet F* A*
saying that Microsoft had actually put out the virus from their site.
I thru the hammer down in disgust and decided to drill an hole in my
head.
Thought you would love to hear that.
Greg Mulholland
-----Original Message-----
From: Jim Harrison [mailto:jim@xxxxxxxxxxxx]
Sent: Wednesday, August 13, 2003 12:26 AM
To: [ISAserver.org Discussion List]
http://www.ISAserver.org
This is the best description I've seen so far.
http://www.eeye.com/html/Research/Advisories/AL20030811.html
Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG
http://www.microsoft.com/isaserver
http://isaserver.org/Jim_Harrison
http://isatools.org
Read the help, books and articles!
----- Original Message -----
From: "Matthew Bunce" <isa.mailinglist@xxxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Tuesday, August 12, 2003 06:10
Subject: [isalist] Blocking w32.blaster.worm?
http://www.ISAserver.org
I have done all I can to secure my internal network, patching everything
that even looks like a computer (believe me the toaster did not like
having a CD with the patch on it inserted!)
VPN has been suspended until futher notice while we make sure that all
our
partners are secured and patched and all laptops are being checked in a
sandbox enviroment until we are sure they are clean.
What ports on our external ISA can I block to stop incoming/outgoing
activity by this worm if for any reason we have an infection? Will
failed
connections to RPC on the ISA cause any DoS? Is there anything I can do
to
limit the damage of an infection coming in via VPN? Are there port
filters
I can apply to VPN traffic?
Many thanks.
Matthew Bunce
Kluster (UK) Limited
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe send a blank email to
$subst('Email.Unsub')
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
gmulholland@xxxxxxxxxxxxxxx
To unsubscribe send a blank email to
$subst('Email.Unsub')
Other related posts:
