..hmmmm.. seems you is right. Still, it's nice to know that ISA blocks it even when publishing RPC... Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://www.microsoft.com/isaserver http://isaserver.org/Jim_Harrison http://isatools.org Read the help, books and articles! ----- Original Message ----- From: "Deus, Attonbitus" <Thor@xxxxxxxxxxxxxxx> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> Sent: Monday, July 21, 2003 10:27 Subject: [isalist] MS03-26 http://www.ISAserver.org At 09:21 AM 7/21/2003, you wrote: Yo "ISA_Dewd" :) Saw your comments on my article. Thanks for providing that info about publishing RPC and ISA's protection of it. I know now that it is indeed exploitable over TCP 135 *and* UDP 135-- I got confirmation from LSD on that... Though we are all protected, I am still very worried about this one... This is a class exploit, and if/when a multi-vector worm is written, it will make slammer look like a fin packet. t ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')