FW: RE: Is TCP 135 clamped down?
- From: "Simon Weaver" <Simon.Weaver@xxxxxxxx>
- To: <isalist@xxxxxxxxxxxxx>
- Date: Tue, 19 Aug 2003 22:34:05 -0000
Mark
Just discovered on the External Interfacr "Client For MS Networks was ticked"
as well as "File / Printer Sharing". I have now unticked this!
Any comments?
Simon Weaver
Technical Consultant
MCSE+Internet / MCSE Windows 2000
Integrated Solutions Corp. Ltd
http://www.iscl.net <http://www.iscl.net/>
-----Original Message-----
From: Mark Hippenstiel [mailto:M.Hippenstiel@xxxxxxxxxxxx]
Sent: 19 August 2003 21:18
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Is TCP 135 clamped down?
http://www.ISAserver.org
Hi Simon,
sorry I don't quite understand your question, but it's late already. If you
plug an infected sytsem into the network and nothing is patched you'll end up
having blaster on all your machines (including SBS/ISA).
Having the MS network client bound to the external interface exposes tcp 135 to
the internet. Anyone correct me if that's wrong, that's what I recall. This
could be another way for the virus to get in.
The virus gets into a system via port 135. As long as a system's not patched,
it is vulnerable to the exploit. It doesn't matter if it's a server or
workstation. Once infected, the machine will try to establish the virus on all
machines on the same subnet.
I can't think of any other ways the virus could have got into the network. Well
that's not exactly true, my mail scanner isolated an email with msblast.exe
attached, but this was on purpose :) The virus itself does not contain a mass
email element.
Hope I could help.
Mark
Other related posts:
