The msblast has no email propagation methods included, so it can only get distributed by malicious spammers or people that want to harm you. But like I said, it's of course possible. > -----Original Message----- > From: Jim Harrison [mailto:jim@xxxxxxxxxxxx] > Posted At: Wednesday, August 20, 2003 1:07 AM > Posted To: www.isaserver.org > Conversation: [isalist] RE: FW: RE: Is TCP 135 clamped down? > Subject: [isalist] RE: FW: RE: Is TCP 135 clamped down? > > > http://www.ISAserver.org > > > It's coming in mail as well... > Your clients can bring it from home. > It didn't pass through ISA if you have packet filtering > turned on and you didn't create a packet filter allowing TCP-135. > > Jim Harrison > MCP(NT4, W2K), A+, Network+, PCG http://www.microsoft.com/isaserver > http://isaserver.org/Jim_Harrison > http://isatools.org > > Read the help, books and articles! > ----- Original Message ----- > From: "Mark Hippenstiel" <M.Hippenstiel@xxxxxxxxxxxx> > To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> > Sent: Tuesday, August 19, 2003 15:16 > Subject: [isalist] RE: FW: RE: Is TCP 135 clamped down? > > > http://www.ISAserver.org > > > yes: good idea ;) I have to correct myself though: these > setting expose netbios services (137, 138, 139), NOT 135. > Sorry for the confusion here. I'm not aware that there are > infection mechanisms making use of netbios. > > > You should also disable netbios in the tcp/ip settings. Read > the article I posted the link of. Have there been error > messages in the eventlog stating that the firewall service > was unable to bind to certain ports? > > Regarding the turning off of firewall clients, as I already > said: this has nothing to do with the protection of your > network. Having said that I wonder how the virus got in. Let > me sleep over it ;) > > Mark > > > -----Original Message----- > From: Simon Weaver [mailto:Simon.Weaver@xxxxxxxx] > Posted At: Wednesday, August 20, 2003 12:34 AM > Posted To: www.isaserver.org > Conversation: [isalist] RE: Is TCP 135 clamped down? > Subject: [isalist] FW: RE: Is TCP 135 clamped down? > > > http://www.ISAserver.org > > > Mark > Just discovered on the External Interfacr "Client For MS > Networks was ticked" as well as "File / Printer Sharing". I > have now unticked this! > > Any comments? > > Simon Weaver > Technical Consultant > MCSE+Internet / MCSE Windows 2000 > Integrated Solutions Corp. Ltd > http://www.iscl.net <http://www.iscl.net/> > > -----Original Message----- > From: Mark Hippenstiel > [mailto:M.Hippenstiel@xxxxxxxxxxxx] > Sent: 19 August 2003 21:18 > To: [ISAserver.org Discussion List] > Subject: [isalist] RE: Is TCP 135 clamped down? > > > http://www.ISAserver.org > > > Hi Simon, > > sorry I don't quite understand your question, but it's > late already. If you plug an infected sytsem into the network > and nothing is patched you'll end up having blaster on all > your machines (including SBS/ISA). > > Having the MS network client bound to the external > interface exposes tcp 135 to the internet. Anyone correct me > if that's wrong, that's what I recall. This could be another > way for the virus to get in. > > The virus gets into a system via port 135. As long as a > system's not patched, it is vulnerable to the exploit. It > doesn't matter if it's a server or workstation. Once > infected, the machine will try to establish the virus on all > machines on the same subnet. > > I can't think of any other ways the virus could have got > into the network. Well that's not exactly true, my mail > scanner isolated an email with msblast.exe attached, but this > was on purpose :) The virus itself does not contain a mass > email element. > > Hope I could help. > Mark > > > ------------------------------------------------------ > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > ------------------------------------------------------ > Other Internet Software Marketing Sites: > Leading Network Software Directory: > http://www.serverfiles.com No.1 Exchange Server Resource > Site: http://www.msexchange.org Windows Security Resource > Site: http://www.windowsecurity.com/ Network Security > Library: http://www.secinf.net/ Windows 2000/NT Fax > Solutions: http://www.ntfaxfaq.com > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org Discussion > List as: isaserver@xxxxxxxxxxxx To unsubscribe send a blank > email to $subst('Email.Unsub') > > > > ------------------------------------------------------ > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > ------------------------------------------------------ > Other Internet Software Marketing Sites: > Leading Network Software Directory: > http://www.serverfiles.com No.1 Exchange > Server Resource > Site: http://www.msexchange.org Windows Security Resource > Site: http://www.windowsecurity.com/ Network Security > Library: http://www.secinf.net/ Windows 2000/NT Fax > Solutions: http://www.ntfaxfaq.com > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org Discussion > List as: jim@xxxxxxxxxxxx To unsubscribe send a blank email > to $subst('Email.Unsub') > > > ------------------------------------------------------ > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > ------------------------------------------------------ > Other Internet Software Marketing Sites: > Leading Network Software Directory: > http://www.serverfiles.com No.1 Exchange > Server Resource > Site: http://www.msexchange.org Windows Security Resource > Site: http://www.windowsecurity.com/ Network Security > Library: http://www.secinf.net/ Windows 2000/NT Fax > Solutions: http://www.ntfaxfaq.com > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org Discussion > List as: isaserver@xxxxxxxxxxxx To unsubscribe send a blank > email to $subst('Email.Unsub') >