Re: Is it safe to block Sasser. E,1023,1022

• From: "Dan Bartley" <bartleyd@xxxxxxxxxxxxxxxxxxx>
• To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
• Date: Tue, 11 May 2004 10:28:56 -0400

Maybe a dumb question, isn't sasser already blocked from coming in if
ISA is restricted for inbound as per normal best practice? Or is there
something about this worm I missed? Serious questions, I'm not so sure
right now that I am not missing something here.

 

Best Regards,

Dan Bartley 



  _____  

From: mathif@xxxxxxxxxxxxxxx [mailto:mathif@xxxxxxxxxxxxxxx] 
Sent: Tuesday, May 11, 2004 10:15
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: Is it safe to block Sasser. E,1023,1022

 

http://www.ISAserver.org

Hi jim, 
FYI, I get this error while I try to install sasser.vbs 1.6 
--------------------------- 
block_sasser.vbs ver 1.6 
--------------------------- 
Failed to save the "W32.Sasser (TCP-445)" protocol definition; error
0x80040335; The object is identical to an object that was removed but
the object removal process is not complete.  Hit <CTRL> C to copy this
error message to the clipboard.

--------------------------- 
OK   
--------------------------- 
Thanks, 
Athif 

-----Original Message----- 
From: Jim Harrison [mailto:jim@xxxxxxxxxxxx <mailto:jim@xxxxxxxxxxxx> ] 
Sent: Tuesday, 11 May 2004 4:13 PM 
To: [ISAserver.org Discussion List] 
Subject: [isalist] Re: Is it safe to block Sasser. E,1023,1022 

 

http://www.ISAserver.org <http://www.ISAserver.org>  

Yes; it's even easier to do it with the script updated for you...
http://isatools.org/block_sasser.vbs
<http://isatools.org/block_sasser.vbs>  version 1.6. It handles Sasser-E
and Sasser-F.

  Jim Harrison 
  MCP(NT4, W2K), A+, Network+, PCG 
  http://isaserver.org/Jim_Harrison/
<http://isaserver.org/Jim_Harrison/>  
  http://isatools.org <http://isatools.org>  
  Read the help / books / articles! 

 

On Tue, 11 May 2004 11:41:49 +0300 
 mathif@xxxxxxxxxxxxxxx wrote: 
http://www.ISAserver.org <http://www.ISAserver.org>  

Gentelmen, 
Is it safe to block Sasser. E, actually, it uses port 1023 instead of
port 5554 and port 1022 instead of port 9996. 
What do you think?? 

Regards, 
Mohammed Athif Khaleel 
Asst.Network Engineer 
AlFaisaliah Group Information Technology 
Tel.: +966-1-461-0077 x.209 
Moble.: +966-509774015 
Email: mathif@xxxxxxxxxxxxxxx 
Have you installed the patch for Microsoft Security Bulletin MS04-11?
"Save Internet, Keep all the systems patched" 
Web: http://alfaisaliah.com <http://alfaisaliah.com>
<http://alfaisaliah.com <http://alfaisaliah.com> > 

 

----------------------------------------------------- 
This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom/which
they are addressed. If you have received this email in error please
notify the system manager at the following email address:
sadmin@xxxxxxxxxxxxxxx <mailto:sadmin@xxxxxxxxxxxxxxx>. Please note that
any views or opinions presented in this email are solely those of the
author and do not necessarily represent those of Al Faisaliah Group.
Internet communications cannot be guaranteed to be secure or error-free
as information could be intercepted, corrupted, lost, arrive late or
contain viruses. The sender therefore does not accept liability for any
errors or omissions in the context of this message, which arise as a
result of Internet transmission.  Finally, the recipient should check
this email and any attachments for the presence of viruses. Al Faisaliah
Group accepts no liability for any damage caused by any virus
transmitted by this email. 

----------------------------------------------------- 

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
bartleyd@xxxxxxxxxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')

Other related posts:

• » Is it safe to block Sasser. E,1023,1022
• » RE: Is it safe to block Sasser. E,1023,1022
• » Re: Is it safe to block Sasser. E,1023,1022
• » Re: Is it safe to block Sasser. E,1023,1022
• » Re: Is it safe to block Sasser. E,1023,1022
• » Re: Is it safe to block Sasser. E,1023,1022
• » Re: Is it safe to block Sasser. E,1023,1022
• » Re: Is it safe to block Sasser. E,1023,1022
• » Re: Is it safe to block Sasser. E,1023,1022

1. Home
2. isalist
3. Archive
4. 05-2004

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---