RE: FW: RE: Is TCP 135 clamped down?

• From: "Mark Hippenstiel" <M.Hippenstiel@xxxxxxxxxxxx>
• To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
• Date: Wed, 20 Aug 2003 22:18:13 +0200

The msblast has no email propagation methods included, so it can only
get distributed by malicious spammers or people that want to harm you.
But like I said, it's of course possible.


> -----Original Message-----
> From: Jim Harrison [mailto:jim@xxxxxxxxxxxx] 
> Posted At: Wednesday, August 20, 2003 1:07 AM
> Posted To: www.isaserver.org
> Conversation: [isalist] RE: FW: RE: Is TCP 135 clamped down?
> Subject: [isalist] RE: FW: RE: Is TCP 135 clamped down?
> 
> 
> http://www.ISAserver.org
> 
> 
> It's coming in mail as well...
> Your clients can bring it from home.
> It didn't pass through ISA if you have packet filtering 
> turned on and you didn't create a packet filter allowing TCP-135.
> 
>  Jim Harrison
>  MCP(NT4, W2K), A+, Network+, PCG  http://www.microsoft.com/isaserver
>  http://isaserver.org/Jim_Harrison
>  http://isatools.org
> 
>  Read the help, books and articles!
> ----- Original Message ----- 
> From: "Mark Hippenstiel" <M.Hippenstiel@xxxxxxxxxxxx>
> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
> Sent: Tuesday, August 19, 2003 15:16
> Subject: [isalist] RE: FW: RE: Is TCP 135 clamped down?
> 
> 
> http://www.ISAserver.org
> 
> 
> yes: good idea ;)  I have to correct myself though: these 
> setting expose netbios services (137, 138, 139), NOT 135. 
> Sorry for the confusion here. I'm not aware that there are 
> infection mechanisms making use of netbios.
> 
> 
> You should also disable netbios in the tcp/ip settings. Read 
> the article I posted the link of. Have there been error 
> messages in the eventlog stating that the firewall service 
> was unable to bind to certain ports?
> 
> Regarding the turning off of firewall clients, as I already 
> said: this has nothing to do with the protection of your 
> network. Having said that I wonder how the virus got in. Let 
> me sleep over it ;)
> 
> Mark
> 
> 
> -----Original Message-----
> From: Simon Weaver [mailto:Simon.Weaver@xxxxxxxx]
> Posted At: Wednesday, August 20, 2003 12:34 AM
> Posted To: www.isaserver.org
> Conversation: [isalist] RE: Is TCP 135 clamped down?
> Subject: [isalist] FW: RE: Is TCP 135 clamped down?
> 
> 
> http://www.ISAserver.org
> 
> 
> Mark
> Just discovered on the External Interfacr "Client For MS 
> Networks was ticked" as well as "File / Printer Sharing". I 
> have now unticked this!
> 
> Any comments?
> 
> Simon Weaver
> Technical Consultant
> MCSE+Internet / MCSE Windows 2000
> Integrated Solutions Corp. Ltd
> http://www.iscl.net <http://www.iscl.net/>
> 
> -----Original Message-----
> From: Mark Hippenstiel
> [mailto:M.Hippenstiel@xxxxxxxxxxxx]
> Sent: 19 August 2003 21:18
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: Is TCP 135 clamped down?
> 
> 
> http://www.ISAserver.org
> 
> 
> Hi Simon,
> 
> sorry I don't quite understand your question, but it's
> late already. If you plug an infected sytsem into the network 
> and nothing is patched you'll end up having blaster on all 
> your machines (including SBS/ISA).
> 
> Having the MS network client bound to the external
> interface exposes tcp 135 to the internet. Anyone correct me 
> if that's wrong, that's what I recall. This could be another 
> way for the virus to get in.
> 
> The virus gets into a system via port 135. As long as a 
> system's not patched, it is vulnerable to the exploit. It 
> doesn't matter if it's a server or workstation. Once 
> infected, the machine will try to establish the virus on all 
> machines on the same subnet.
> 
> I can't think of any other ways the virus could have got
> into the network. Well that's not exactly true, my mail 
> scanner isolated an email with msblast.exe attached, but this 
> was on purpose :) The virus itself does not contain a mass 
> email element.
> 
> Hope I could help.
> Mark
> 
> 
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Other Internet Software Marketing Sites:
> Leading Network Software Directory: 
> http://www.serverfiles.com No.1 Exchange Server Resource 
> Site: http://www.msexchange.org Windows Security Resource 
> Site: http://www.windowsecurity.com/ Network Security 
> Library: http://www.secinf.net/ Windows 2000/NT Fax 
> Solutions: http://www.ntfaxfaq.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion 
> List as: isaserver@xxxxxxxxxxxx To unsubscribe send a blank 
> email to $subst('Email.Unsub')
> 
> 
> 
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Other Internet Software Marketing Sites:
> Leading Network Software Directory: 
> http://www.serverfiles.com No.1 Exchange > Server Resource 
> Site: http://www.msexchange.org Windows Security Resource 
> Site: http://www.windowsecurity.com/ Network Security 
> Library: http://www.secinf.net/ Windows 2000/NT Fax 
> Solutions: http://www.ntfaxfaq.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion 
> List as: jim@xxxxxxxxxxxx To unsubscribe send a blank email 
> to $subst('Email.Unsub')
> 
> 
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Other Internet Software Marketing Sites:
> Leading Network Software Directory: 
> http://www.serverfiles.com No.1 Exchange > Server Resource 
> Site: http://www.msexchange.org Windows Security Resource 
> Site: http://www.windowsecurity.com/ Network Security 
> Library: http://www.secinf.net/ Windows 2000/NT Fax 
> Solutions: http://www.ntfaxfaq.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion 
> List as: isaserver@xxxxxxxxxxxx To unsubscribe send a blank 
> email to $subst('Email.Unsub')
> 

Other related posts:

• » FW: RE: Is TCP 135 clamped down?
• » FW: RE: Is TCP 135 clamped down?
• » RE: FW: RE: Is TCP 135 clamped down?
• » RE: FW: RE: Is TCP 135 clamped down?
• » RE: FW: RE: Is TCP 135 clamped down?
• » RE: FW: RE: Is TCP 135 clamped down?
• » RE: FW: RE: Is TCP 135 clamped down?

1. Home
2. isalist
3. Archive
4. 08-2003

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---