RE: Help Publishing Exchange 2000 RPC with ISA on Server 2000

  • From: "Jeff Sloan" <jsloan@xxxxxxxxxxxx>
  • To: "ISALists" <isalist@xxxxxxxxxxxxx>
  • Date: Wed, 8 Oct 2003 15:28:47 -0500

I brought those things to their attention.
If they could open it up to me on that one router, they would also have
to do something on all the other routers of theirs on the internet in
order for distant users to get from them to me.

They said they couldn't be the world's biggest zombie network.
I asked them about the ports like 25 and 80, and they said if it had hit
that hard on those ports they would have been forced to do something, of
course if no mail or traffic can get through, they are out of business
anyway.

And, there are (free) workarounds, like plain old PPTP VPN through
98, 2000, XP to ISA that makes it work again, just the extra step, and
then browsing issues involved because of the gateway, if you make it
work right, you open your network to the net through the client machine.

I love a good lawsuit, but if it is shown that there is a workaround
users could use for free to "get by", I doubt it would win, with all the
paranoia about viruses, worms, etc. They would side with the ISP for
trying to "protect" their users by causing a little discomfort to a few
users.

Jeff Sloan 
Network Administrator 
Cross Oil Refining & Marketing, Inc. 
484 E. 6th St. 
Smackover, AR 71762 


-----Original Message-----
From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx] 
Sent: Wednesday, October 08, 2003 3:14 PM
To: ISALists
Subject: [isalist] RE: Help Publishing Exchange 2000 RPC with ISA on
Server 2000


http://www.ISAserver.org


Hi Jeff,

That is an out and out DoS attack on your business.

They can open that port for your net block selectively. They don't have
to allow it inbound to all their blocks. It's insane and there ought to
be a class action against them for their (should be illegal) restraint
of commerce crap.

Next time you talk to the brain trust over there, ask them why TCP 20,
21, 80, 110, 119, 143 and 443 are open. I did a Google search and found
that some exploits move over those ports too. They better close those
ports until "Microsoft" secures their code. What a crock of
incompetents. :(

BTW -- I do that kind of troubleshooting every day. It's like the spy
business, nothing is ever like it seems :-)

Thanks!
Tom

Thomas W Shinder
www.isaserver.org/shinder 
ISA Server and Beyond: http://tinyurl.com/1jq1
Configuring ISA Server: http://tinyurl.com/1llp

 


-----Original Message-----
From: Jeff Sloan [mailto:jsloan@xxxxxxxxxxxx] 
Sent: Wednesday, October 08, 2003 3:07 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Help Publishing Exchange 2000 RPC with ISA on
Server 2000



Well thanks guys,
Two weeks ago they told me they were no longer blocking the traffic, yet
it still didn't work. Today they tell me that they did not stop, and
there is no end in sight to that blocking, until MS gets their code
corrected properly and no more RPC exploits come out from cert.

I thought it was me, so I was pulling my hair out. 
ISA? Server? Client? MS Patches broke it? My router with the Cisco
patch? What could it be? Earthlink is still blocking!

I've only been wrong once in my life, and that's when I thought I was
wrong, but I was right!

Know any good job openings?
Resume avail upon request!

Jeff Sloan 
Network Administrator 
Cross Oil Refining & Marketing, Inc. 
484 E. 6th St. 
Smackover, AR 71762 


-----Original Message-----
From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx] 
Sent: Wednesday, October 08, 2003 2:38 PM
To: ISALists
Subject: [isalist] RE: Help Publishing Exchange 2000 RPC with ISA on
Server 2000



Hi Jeff,

So, it looks like the 1720 is the only device you really manage
yourself, the rest is earthlink?

I'd check that to make sure there are no filters for TCP 135, and also
get with Earthlink.

You can also use Jim's Winsock tool to help you generate the traffic
without having to deal with an actual Outlook client.

HTH,
Tom

Thomas W Shinder
www.isaserver.org/shinder 
ISA Server and Beyond: http://tinyurl.com/1jq1
Configuring ISA Server: http://tinyurl.com/1llp

 


-----Original Message-----
From: Jeff Sloan [mailto:jsloan@xxxxxxxxxxxx] 
Sent: Wednesday, October 08, 2003 2:27 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Help Publishing Exchange 2000 RPC with ISA on
Server 2000



My company hosts the Earthlink POP in my office.
72 dial up lines off of 3 t1 lines, and one t1 going back out for net
access.

Our hook up to the internet is this:
ISA-Cisco 1720 router with built in csu-t1 cable to Earthlink
closet-Adtran CSU (provides bandwidth throttling 512k)-Earthlink
Router-another Adtran CSU-phone co smart jack-to who knows where...

When I dial in to Earthlink, I am hitting their modem, router, CSU, my
CSU, my router, ISA. Unless my traffic is getting rerouted away and then
back through the same equipment somehow, those pieces of equipment
should be the only ones involved.

Jim, thanks to you too.
I'm about to get Earthlink back on the phone.

Jeff Sloan 
Network Administrator 
Cross Oil Refining & Marketing, Inc. 
484 E. 6th St. 
Smackover, AR 71762 



-----Original Message-----
From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx] 
Sent: Wednesday, October 08, 2003 2:14 PM
To: ISALists
Subject: [isalist] RE: Help Publishing Exchange 2000 RPC with ISA on
Server 2000



Hi Jeff,

OK, the SoBig issue isn't the problem here.

The connection attempts to the endpoint mapper TCP 135 aren't making it
to the ISA Server firewall. So, they're being blocked upstream from the
ISA firewall. The trick is to figure out who's blocking them. How many
routers under your admin control are there upstream from the ISA
firewall?

Thanks!

Tom

Thomas W Shinder
www.isaserver.org/shinder 
ISA Server and Beyond: http://tinyurl.com/1jq1
Configuring ISA Server: http://tinyurl.com/1llp

 


-----Original Message-----
From: Jeff Sloan [mailto:jsloan@xxxxxxxxxxxx] 
Sent: Wednesday, October 08, 2003 2:12 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Help Publishing Exchange 2000 RPC with ISA on
Server 2000



The version I'm running creates a protocol rule that denies udp send
receive ports 8998, and 995-999.

Jeff Sloan 
Network Administrator 
Cross Oil Refining & Marketing, Inc. 
484 E. 6th St. 
Smackover, AR 71762 

Phone 870-864-8688
Fax     870-864-8689 
Cell     870-866-9941 



-----Original Message-----
From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx] 
Sent: Wednesday, October 08, 2003 11:55 AM
To: ISALists
Subject: [isalist] RE: Help Publishing Exchange 2000 RPC with ISA on
Server 2000



Hi Jeff,

I have to say that I don't know what the SoBig script does :-)  But I'm
sure if it blocks TCP 135, then it will create an explicit packet filter
to do so.

Even if the Sobig script did some hidden blocking, the blocked
connection attempts would appear in the NetMon trace.

HTH,
Tom

Thomas W Shinder
www.isaserver.org/shinder 
ISA Server and Beyond: http://tinyurl.com/1jq1
Configuring ISA Server: http://tinyurl.com/1llp

 


-----Original Message-----
From: Jeff Sloan [mailto:jsloan@xxxxxxxxxxxx] 
Sent: Wednesday, October 08, 2003 11:19 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Help Publishing Exchange 2000 RPC with ISA on
Server 2000



Does the sobig script for ISA block the RPC port 135 traffic?
I know it doesn't directly, but are there any secondary connections
needed? But I have tried it with it turned off as well...

Jeff Sloan 
Network Administrator 
Cross Oil Refining & Marketing, Inc. 
484 E. 6th St. 
Smackover, AR 71762 



-----Original Message-----
From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx] 
Sent: Wednesday, October 08, 2003 10:16 AM
To: ISALists
Subject: [isalist] RE: Help Publishing Exchange 2000 RPC with ISA on
Server 2000



Hi Jeff,

The procedure of publishing secure Exchange RPC is very quick and easy,
so from the publishing end, the only things that might be whack might
be:

1. The Exchange Server is not a SecureNAT client
2. The publishing rule is disabled
3. A packet filter is blocking the rule from working
4. Exchange is installed on the firewall and the socket is listening on
all interfaces (this problem CAN'T be fixed without disabling NetBT, and
Exchange really doesn't like that too much)

The real problem with Secure Exchange RPC publishing is name resolution.
Can you run NetMon on the external interface and see if the incoming TCP
135 connections are making it to the firewall?

Thanks!
Tom

Thomas W Shinder
www.isaserver.org/shinder 
ISA Server and Beyond: http://tinyurl.com/1jq1
Configuring ISA Server: http://tinyurl.com/1llp

 


-----Original Message-----
From: Jeff Sloan [mailto:jsloan@xxxxxxxxxxxx] 
Sent: Wednesday, October 08, 2003 10:10 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] Help Publishing Exchange 2000 RPC with ISA on Server
2000



Here I am again....

My published RPC Exchange 2000 server through ISA still doesn't work.
Worked fine till the worm crap started happening. Then ISPs started
blocking port 135 and/or RPC, but since then they assure me they have
stopped. I have had Earthlink field technicians work with me on our
setup, ours and their routers, dsu/csu, etc. They dug down deep and say
that there is no blocking going on.

Yet it doesn't work any more for us.
Does anyone know if any of the Microsoft patches actually broke this
functionality?

Tom, I have been going through your deployment kits, but am a little
confused. Is it still possible to do the RPC publishing with ISA server
on Win 2000 server, and Exchange 2000 on Win 2000 server? Without any
additional ssl, certificates, vpn, rpc over http, etc.

It used to work, I just want it back.

Are there any configuration lists or settings you need me to send to help
identify the problem? Thanks


Jeff Sloan 
Network Administrator 
Cross Oil Refining & Marketing, Inc. 
484 E. 6th St. 
Smackover, AR 71762 

Phone 870-864-8688

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com No.1
Exchange Server Resource Site: http://www.msexchange.org Windows
Security Resource Site: http://www.windowsecurity.com/ Network Security
Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe send a blank email to
$subst('Email.Unsub')
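
The diagnosis worked through in this thread (generate TCP 135 traffic without an Outlook client, then check whether it shows up on the firewall's external interface) can be scripted. The following is an added example, not code from the thread and not Jim's Winsock tool; the function names, the result labels and the choice of a control port such as TCP 25 are assumptions made for illustration.

```python
import socket

def probe_tcp(host, port, timeout=3.0):
    """Try one TCP connect and classify what came back."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"        # handshake completed: something is listening
    except ConnectionRefusedError:
        return "closed"      # RST came back: host reached, port not listening
    except socket.timeout:
        return "filtered"    # silence: the SYN or its reply was dropped en route
    except OSError:
        return "filtered"    # e.g. ICMP unreachable returned by a router
    finally:
        s.close()

def locate_block(rpc_result, control_result, syn_seen_at_firewall):
    """Combine the client-side probes with the capture on the firewall.

    rpc_result           -- probe_tcp() result for TCP 135 on the published address
    control_result       -- probe_tcp() result for a port known to be published
    syn_seen_at_firewall -- did the capture on the external interface show the
                            incoming TCP 135 connection attempt?
    """
    if rpc_result == "open":
        return "port-135-ok"          # endpoint mapper reachable; look elsewhere
    if syn_seen_at_firewall:
        return "firewall-or-server"   # traffic arrived: check the publishing rule,
                                      # packet filters, SecureNAT client setup
    if control_result == "open":
        return "upstream-filter"      # path works, but 135 is dropped before
                                      # it ever reaches the firewall
    return "path-or-address"          # nothing arrives at all: routing or address

if __name__ == "__main__":
    # Constructed observation matching the thread: 135 times out from the
    # dial-up side, another published port answers, and the capture on the
    # external interface never shows the attempt.
    print(locate_block("filtered", "open", syn_seen_at_firewall=False))
```

Run `probe_tcp` from outside against your own published address while the capture is running on the external interface, then feed both observations to `locate_block`.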
