I brought those things to their attention. If they could open it up to me on that one router, they would also have to do something on all the other routers of theirs on the internet in order for distant users to get from them to me. They said they couldn't be the worlds biggest zombie network. I asked them about the ports like 25 and 80, and they said if it had hit that hard on those ports they would have been forced to do something, of course if no mail or traffic can get through, they are out of business anyway. And, there are (free) work around, like plain old pptp VPN through 98,2000,xp to ISA that makes it work again, just the extra step, and then browsing issues involved because of the gateway, if you make it work right, you open your network to the net through the client machine. I love a good lawsuit, but if it is shown that there is a work around for free users could use to "get by", I doubt it would win, with all the paranoia about virus, worms, etc. They would side with the ISP for trying to "protect" their users by causing a little discomfort to a few users. Jeff Sloan Network Administrator Cross Oil Refining & Marketing, Inc. 484 E. 6th St. Smackover, AR 71762 -----Original Message----- From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx] Sent: Wednesday, October 08, 2003 3:14 PM To: ISALists Subject: [isalist] RE: Help Publishing Exchange 2000 RPC with ISA on Server 2000 http://www.ISAserver.org Hi Jeff, That is an out and out DoS attack on your business. They can open that port for your net block selectively. They don't have to allow it inbound to all their blocks. Its insane and there ought to be a class action against them for there (should be illegal) restraint of commerce crap. Next time you talk to the brain trust over there, ask them why TCP 20, 21, 80, 110, 119, 143 and 443 are open. I did a Google search and found that some exploits move over those ports too. They better close those ports until "Microsoft" secures their code. What a crock of incompetents. :( BTW -- I do that kind of troubleshooting every day. Its like the spy business, nothing is ever like it seems :-) Thanks! Tom Thomas W Shinder www.isaserver.org/shinder ISA Server and Beyond: http://tinyurl.com/1jq1 Configuring ISA Server: http://tinyurl.com/1llp -----Original Message----- From: Jeff Sloan [mailto:jsloan@xxxxxxxxxxxx] Sent: Wednesday, October 08, 2003 3:07 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: Help Publishing Exchange 2000 RPC with ISA on Server 2000 http://www.ISAserver.org Well thanks guys, Two weeks ago they told me they were no longer blocking the traffic, yet it still didn't work. Today they tell me that they did not stop, and there is no end in sight to that blocking, until MS gets their code corrected properly and no more RPC exploits come out from cert. I thought it was me, so I was pulling my hair out. ISA? Server? Client? MS Patches broke it? My router with the Cisco patch? What could it be? Earthlink is still blocking! I've only been wrong once in my life, and that's when I thought I was wrong, but I was right! Know any good job openings? Resume avail upon request! Jeff Sloan Network Administrator Cross Oil Refining & Marketing, Inc. 484 E. 6th St. Smackover, AR 71762 -----Original Message----- From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx] Sent: Wednesday, October 08, 2003 2:38 PM To: ISALists Subject: [isalist] RE: Help Publishing Exchange 2000 RPC with ISA on Server 2000 http://www.ISAserver.org Hi Jeff, So, it looks like the 1720 is the only device you really manage yourself, the rest is earthlink? I'd check that to make sure there are no filters for TCP 135, and also get with Earthlink. You can also use Jim's Winsock tool to help you generate the traffic without having to deal with an actual Outlook client. HTH, Tom Thomas W Shinder www.isaserver.org/shinder ISA Server and Beyond: http://tinyurl.com/1jq1 Configuring ISA Server: http://tinyurl.com/1llp -----Original Message----- From: Jeff Sloan [mailto:jsloan@xxxxxxxxxxxx] Sent: Wednesday, October 08, 2003 2:27 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: Help Publishing Exchange 2000 RPC with ISA on Server 2000 http://www.ISAserver.org My company hosts the Earthlink POP in my office. 72 dial up lines off of 3 t1 lines, and one t1 going back out for net access. Our hook up to the internet is this: ISA-Cisco 1720 router with built in csu-t1 cable to Earthlink closet-Adtran CSU (provides bandwidth throttling 512k)-Earthlink Router-another Adtran CSU-phone co smart jack-to who knows where... When I dial in to Earthlink, I am hitting their modem,router,csu, my CSU, my router, ISA. Unless my traffic is getting rerouted away and then back through the same equipment some how, those pieces of equipment should be the only ones involved. Jim, thanks to you to. I'm about to get Earthlink back on the phone. Jeff Sloan Network Administrator Cross Oil Refining & Marketing, Inc. 484 E. 6th St. Smackover, AR 71762 -----Original Message----- From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx] Sent: Wednesday, October 08, 2003 2:14 PM To: ISALists Subject: [isalist] RE: Help Publishing Exchange 2000 RPC with ISA on Server 2000 http://www.ISAserver.org Hi Jeff, OK, the SoBig issue isn't the problem here. The connection attempts to the endpoint mapper TCP 135 aren't making it to the ISA Server firewall. So, they're being blocked upstream from the ISA firewall. The trick is to figure out who's blocking them. How many routers under your admin control are there upstream from the ISA firewall? Thanks! Tom Thomas W Shinder www.isaserver.org/shinder ISA Server and Beyond: http://tinyurl.com/1jq1 Configuring ISA Server: http://tinyurl.com/1llp -----Original Message----- From: Jeff Sloan [mailto:jsloan@xxxxxxxxxxxx] Sent: Wednesday, October 08, 2003 2:12 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: Help Publishing Exchange 2000 RPC with ISA on Server 2000 http://www.ISAserver.org The version I'm running creates a protocol rule that denies udp send receive ports 8998, and 995-999. Jeff Sloan Network Administrator Cross Oil Refining & Marketing, Inc. 484 E. 6th St. Smackover, AR 71762 Phone 870-864-8688 Fax 870-864-8689 Cell 870-866-9941 -----Original Message----- From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx] Sent: Wednesday, October 08, 2003 11:55 AM To: ISALists Subject: [isalist] RE: Help Publishing Exchange 2000 RPC with ISA on Server 2000 http://www.ISAserver.org Hi Jeff, I have to say that I don't know what the SoBig script does :-) But I'm sure if it blocks TCP 135, then it will create an explicit packet filter to do so. Even if the Sobig script did some hidden blocking, the blocked connection attempts would appear in the NetMon trace. HTH, Tom Thomas W Shinder www.isaserver.org/shinder ISA Server and Beyond: http://tinyurl.com/1jq1 Configuring ISA Server: http://tinyurl.com/1llp -----Original Message----- From: Jeff Sloan [mailto:jsloan@xxxxxxxxxxxx] Sent: Wednesday, October 08, 2003 11:19 AM To: [ISAserver.org Discussion List] Subject: [isalist] RE: Help Publishing Exchange 2000 RPC with ISA on Server 2000 http://www.ISAserver.org Does the sobig script for ISA block the RPC port 135 traffic? I know it doesn't directly, but are there any secondary connections needed? But I have tried it with it turned off as well... Jeff Sloan Network Administrator Cross Oil Refining & Marketing, Inc. 484 E. 6th St. Smackover, AR 71762 -----Original Message----- From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx] Sent: Wednesday, October 08, 2003 10:16 AM To: ISALists Subject: [isalist] RE: Help Publishing Exchange 2000 RPC with ISA on Server 2000 http://www.ISAserver.org Hi Jeff, The procedure of publishing secure Exchange RPC is very quick an easy, so from the publishing end, the only things that might be whack might be: 1. The Exchange Server is not a SecureNAT client 2. The publishing rule is disabled 3. A packet filter is blocking the rule from working 4. Exchange is installed on the firewall and the socket is listening on all interface (this problem CAN'T be fixed without disabling NetBT, and Exchange really doesn't like that too much) The real problem with Secure Exchange RPC publishing is name resolution. Can you run NetMon on the external interface and see if the incoming TCP 135 connections are making it to the firewall? Thanks! Tom Thomas W Shinder www.isaserver.org/shinder ISA Server and Beyond: http://tinyurl.com/1jq1 Configuring ISA Server: http://tinyurl.com/1llp -----Original Message----- From: Jeff Sloan [mailto:jsloan@xxxxxxxxxxxx] Sent: Wednesday, October 08, 2003 10:10 AM To: [ISAserver.org Discussion List] Subject: [isalist] Help Publishing Exchange 2000 RPC with ISA on Server 2000 http://www.ISAserver.org Here I am again.... My published RPC Exchange 2000 server through ISA still doesn't work. Worked fine till the worm crap started happening. Then ISPs started blocking port 135 and or RPC, but since then they assure me they have stopped. I have had Earthlink field technicians work with me on our setup, ours and their routers, dsu/csu, etc. They dug down deep and say that there is no blocking going on. Yet it doesn't work any more for us. Does anyone know if any of the Microsoft patches actually broke this functionality? Tom, I have been going through your deployment kits, but am a little confused. Is it still possible to do the RPC publishing with ISA server on Win 2000 server, and Exchange 2000 on Win 2000 server? Without any additional ssl, certificates, vpn, rpc over http, etc. It used to work, I just want it back. Is there any configuration lists or settings you need me to send to help identify the problem. Thanks Jeff Sloan Network Administrator Cross Oil Refining & Marketing, Inc. 484 E. 6th St. Smackover, AR 71762 Phone 870-864-8688 ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jsloan@xxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jsloan@xxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jsloan@xxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jsloan@xxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jsloan@xxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')