RE: Is TCP 135 clamped down?

  • From: "Thomas W Shinder" <tshinder@xxxxxxxxxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Tue, 19 Aug 2003 15:57:01 -0500

Hi Simon,
 
The internal interface is not exposed to firewall policy. If packet
filtering was enabled, then that's how they got whacked. If they haven't
enabled packet filtering, then they have more than this exploit on their
box :-)  I'd check the FTP directory hierarchy on that SBS box, you might
be able to pick up some good movies.
 
HTH,
Tom
Thomas W Shinder
www.isaserver.org/shinder
ISA Server and Beyond: http://tinyurl.com/1jq1
Configuring ISA Server: http://tinyurl.com/1llp

 

        -----Original Message-----
        From: Simon Weaver [mailto:Simon.Weaver@xxxxxxxx] 
        Sent: Tuesday, August 19, 2003 3:48 PM
        To: [ISAserver.org Discussion List]
        Subject: [isalist] Is TCP 135 clamped down?
        
        
        
        Guys
        Just a very quick question! I met a new client that was infected
        by the 2 latest worms going around the streets!
         
        They are running SBS2k with ISA setup, however the worm still
        got into the System.
         
        Is there a way to prove TCP135 was being protected? I have now
        patched the Server, and ALL workstations, as they were all infected!
         
        Finally, if the client PCs have the ISA Firewall Client turned
        OFF, are they still able to access the Internet, WITHOUT Firewall
        Protection?
         
        Thanks for your help
         
        Simon Weaver
        Technical Consultant
        MCSE+Internet / MCSE Windows 2000
        Integrated Solutions Corp. Ltd
        http://www.iscl.net
         