RE: Is TCP 135 clamped down?
- From: "Mark Hippenstiel" <M.Hippenstiel@xxxxxxxxxxxx>
- To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
- Date: Tue, 19 Aug 2003 23:32:39 +0200
Only if they access it by means of a direct connection from their pc to
the internet (forgot that possibility).
If you have set the default gateway on the pcs to point to isa server,
then they will act as secure nat clients. If that's not the case and you
have entered the proxy server in <insert fav browser here> preferences,
they will be proxy clients. if you have done neither, they will not get
outside.
In any case the client machine will be protected by ISA (if it's
properly configured). Switching the firewall client on or off rather
affects how the clients communicates with ISA.
-----Original Message-----
From: Simon Weaver [mailto:Simon.Weaver@xxxxxxxx]
Posted At: Wednesday, August 20, 2003 12:20 AM
Posted To: www.isaserver.org
Conversation: [isalist] Is TCP 135 clamped down?
Subject: [isalist] RE: Is TCP 135 clamped down?
http://www.ISAserver.org
Hi Tom
Just to clarify in case I am reading this incorrectly :-(
1 x SBS Server with ADSL Modem on External Nic
10 x PC clients with Firewall Software installed
If one of them turns off the Firewall Software, and access the
internet from the PC, they are exposed and it is likely the worm got in?
Simon Weaver
Technical Consultant
MCSE+Internet / MCSE Windows 2000
Integrated Solutions Corp. Ltd
http://www.iscl.net <http://www.iscl.net/>
-----Original Message-----
From: Thomas W Shinder
[mailto:tshinder@xxxxxxxxxxxxxxxxxx]
Sent: 19 August 2003 20:57
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Is TCP 135 clamped down?
http://www.ISAserver.org
Hi Simon,
The internal interface is not exposed to firewall
policy. If packet filtering was enabled, then that's how they got
whacked. If they haven't enable packet filtering, then they have more
than this exploit on their box :-) I'd check the FTP directory hierachy
on that SBS box, you might be able to pick up some good movies.
HTH,
Tom
Thomas W Shinder
www.isaserver.org/shinder
<http://www.isaserver.org/shinder>
ISA Server and Beyond: http://tinyurl.com/1jq1
Configuring ISA Server: http://tinyurl.com/1llp
<http://tinyurl.com/1llp>
-----Original Message-----
From: Simon Weaver
[mailto:Simon.Weaver@xxxxxxxx]
Sent: Tuesday, August 19, 2003 3:48 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] Is TCP 135 clamped down?
http://www.ISAserver.org
Guys
Just a very quick question! I met a new client
that was infected by teh 2 latest worms going around the streets!
They are running SBS2k with ISA setup, however
the worm still got into the System.
Is there a way to prove TCP135 was being
protected? I have now patched the Server, and ALL workstations, as they
were all infected!
Finally, if the client PC's have the ISA
Firewall Client turned OFF, are they still able to access teh Internet,
WITHOUT Firewall Protection?
Thanks for your help
Simon Weaver
Technical Consultant
MCSE+Internet / MCSE Windows 2000
Integrated Solutions Corp. Ltd
http://www.iscl.net <http://www.iscl.net/>
------------------------------------------------------
List Archives:
http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter:
http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ:
http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory:
http://www.serverfiles.com
No.1 Exchange Server Resource Site:
http://www.msexchange.org
Windows Security Resource Site:
http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this
ISAserver.org Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx
To unsubscribe send a blank email to
$subst('Email.Unsub')
------------------------------------------------------
List Archives:
http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter:
http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ:
http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory:
http://www.serverfiles.com
No.1 Exchange Server Resource Site:
http://www.msexchange.org
Windows Security Resource Site:
http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org
Discussion List as: Simon.Weaver@xxxxxxxx
To unsubscribe send a blank email to
$subst('Email.Unsub')
------------------------------------------------------
List Archives:
http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter:
http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ:
http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion
List as: isaserver@xxxxxxxxxxxx
To unsubscribe send a blank email to
$subst('Email.Unsub')
Other related posts:
