You're blocking SMB traffic. Generally a good thing if you've got external computers talking to you or you trying to talk to external computers. Anthony. -----Original Message----- From: Mike Malter [mailto:mike@xxxxxxxxxxxxxx] Sent: Tuesday, 4 May 2004 11:34 To: [ISAserver.org Discussion List] Subject: [isalist] Do I have it? http://www.ISAserver.org I have been checking our packet filter logs and am seeing TONS of traffic like this: The Source IP is one of the addresses on the public NIC in the ISA box. Source Destination Protocol Param#1 Param#2 64.175.22.129 66.216.74.58 Udp 1344 137 64.175.22.129 66.216.74.58 Udp 1343 137 In the Microsoft bulletin it says to block the following at the firewall: UDP ports 135, 137, 138, and 445, and TCP ports 135, 139, 445, and 593 I ran the checker from the MS site yesterday on my ISA box, and it said I did not have the Sasser worm. Everybody else is behind the firewall. I also ran the script from ISATools on my ISA box too. Thoughts? Thanks. Mike Malter (415) 479-1968 Office (415) 309-4637 Mobile (415) 462-2941 FAX ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: anthonym@xxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')