Only if they access it by means of a direct connection from their pc to the internet (forgot that possibility). If you have set the default gateway on the pcs to point to isa server, then they will act as secure nat clients. If that's not the case and you have entered the proxy server in <insert fav browser here> preferences, they will be proxy clients. if you have done neither, they will not get outside. In any case the client machine will be protected by ISA (if it's properly configured). Switching the firewall client on or off rather affects how the clients communicates with ISA. -----Original Message----- From: Simon Weaver [mailto:Simon.Weaver@xxxxxxxx] Posted At: Wednesday, August 20, 2003 12:20 AM Posted To: www.isaserver.org Conversation: [isalist] Is TCP 135 clamped down? Subject: [isalist] RE: Is TCP 135 clamped down? http://www.ISAserver.org Hi Tom Just to clarify in case I am reading this incorrectly :-( 1 x SBS Server with ADSL Modem on External Nic 10 x PC clients with Firewall Software installed If one of them turns off the Firewall Software, and access the internet from the PC, they are exposed and it is likely the worm got in? Simon Weaver Technical Consultant MCSE+Internet / MCSE Windows 2000 Integrated Solutions Corp. Ltd http://www.iscl.net <http://www.iscl.net/> -----Original Message----- From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx] Sent: 19 August 2003 20:57 To: [ISAserver.org Discussion List] Subject: [isalist] RE: Is TCP 135 clamped down? http://www.ISAserver.org Hi Simon, The internal interface is not exposed to firewall policy. If packet filtering was enabled, then that's how they got whacked. If they haven't enable packet filtering, then they have more than this exploit on their box :-) I'd check the FTP directory hierachy on that SBS box, you might be able to pick up some good movies. HTH, Tom Thomas W Shinder www.isaserver.org/shinder <http://www.isaserver.org/shinder> ISA Server and Beyond: http://tinyurl.com/1jq1 Configuring ISA Server: http://tinyurl.com/1llp <http://tinyurl.com/1llp> -----Original Message----- From: Simon Weaver [mailto:Simon.Weaver@xxxxxxxx] Sent: Tuesday, August 19, 2003 3:48 PM To: [ISAserver.org Discussion List] Subject: [isalist] Is TCP 135 clamped down? http://www.ISAserver.org Guys Just a very quick question! I met a new client that was infected by teh 2 latest worms going around the streets! They are running SBS2k with ISA setup, however the worm still got into the System. Is there a way to prove TCP135 was being protected? I have now patched the Server, and ALL workstations, as they were all infected! Finally, if the client PC's have the ISA Firewall Client turned OFF, are they still able to access teh Internet, WITHOUT Firewall Protection? Thanks for your help Simon Weaver Technical Consultant MCSE+Internet / MCSE Windows 2000 Integrated Solutions Corp. Ltd http://www.iscl.net <http://www.iscl.net/> ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: Simon.Weaver@xxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: isaserver@xxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')