Mark Just discovered on the External Interfacr "Client For MS Networks was ticked" as well as "File / Printer Sharing". I have now unticked this! Any comments? Simon Weaver Technical Consultant MCSE+Internet / MCSE Windows 2000 Integrated Solutions Corp. Ltd http://www.iscl.net <http://www.iscl.net/> -----Original Message----- From: Mark Hippenstiel [mailto:M.Hippenstiel@xxxxxxxxxxxx] Sent: 19 August 2003 21:18 To: [ISAserver.org Discussion List] Subject: [isalist] RE: Is TCP 135 clamped down? http://www.ISAserver.org Hi Simon, sorry I don't quite understand your question, but it's late already. If you plug an infected sytsem into the network and nothing is patched you'll end up having blaster on all your machines (including SBS/ISA). Having the MS network client bound to the external interface exposes tcp 135 to the internet. Anyone correct me if that's wrong, that's what I recall. This could be another way for the virus to get in. The virus gets into a system via port 135. As long as a system's not patched, it is vulnerable to the exploit. It doesn't matter if it's a server or workstation. Once infected, the machine will try to establish the virus on all machines on the same subnet. I can't think of any other ways the virus could have got into the network. Well that's not exactly true, my mail scanner isolated an email with msblast.exe attached, but this was on purpose :) The virus itself does not contain a mass email element. Hope I could help. Mark