Re: MS-Blast scripts

• From: "Thomas W Shinder" <tshinder@xxxxxxxxxxxxxxxxxx>
• To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
• Date: Thu, 14 Aug 2003 15:52:46 -0500

Hey Jim and everyone else,

I'll take the leap and admit that I'm a moron here. 

Is it me, or does no one explain how the Blaster exploit gets into a
network? Is the exploit passed via email? A Web site download? 

Or, is it brought in by dreaded machines that have had a direct
connection to the Internet and some "worm" NOS scanned it for TCP 135
and deposited its payload on it? Then the machine was brought on the
internal side of the firewall and spread that way?

I'm just trying to figure out how the thing is spread, and if all
machines have been behind an ISA firewall (not just a packet filter),
then it would be impossbile to get hit without someone coming in "out of
band".

Thanks for any and all help at educating me on this!

Tom

Thomas W Shinder
www.isaserver.org/shinder 
ISA Server and Beyond: http://tinyurl.com/1jq1
Configuring ISA Server: http://tinyurl.com/1llp

 


-----Original Message-----
From: Jim Harrison [mailto:jim@xxxxxxxxxxxx] 
Sent: Thursday, August 14, 2003 3:41 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: MS-Blast scripts


http://www.ISAserver.org


No prob; when (if) you finish the ISA log-SQL import tools, I'll take
credit
there...
;-)

 Jim Harrison
 MCP(NT4, W2K), A+, Network+, PCG
 http://www.microsoft.com/isaserver
 http://isaserver.org/Jim_Harrison
 http://isatools.org

 Read the help, books and articles!
----- Original Message ----- 
From: "cismic" <cismic@xxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Thursday, August 14, 2003 11:44
Subject: [isalist] Re: MS-Blast scripts


http://www.ISAserver.org


Thanks dude!  More credit for me! <grin>

-----Original Message-----
From: Jim Harrison [mailto:jim@xxxxxxxxxxxx]
Sent: Thursday, August 14, 2003 11:40 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: MS-Blast scripts


http://www.ISAserver.org


Since the little punks are making things interesting, I've had to update
the scripts. http://isatools.org/msblast.zip.

 Jim Harrison
 MCP(NT4, W2K), A+, Network+, PCG  http://www.microsoft.com/isaserver
 http://isaserver.org/Jim_Harrison
 http://isatools.org

 Read the help, books and articles!
----- Original Message ----- 
From: "Jim Harrison" <jim@xxxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Wednesday, August 13, 2003 23:02
Subject: [isalist] MS-Blast scripts


http://www.ISAserver.org


OK; I finally finished them:
http://isatools.org/msblast.zip

It contains two scripts:
- block_msblast.vbs; this will prevent an internal infection from
spreading outside your walls
    it likes all Enterprise variations and Standalone environments
equally
- fix_msblast.vbs; this will remove the little bugger and even validate
your hotfix instalation (in the registry, anyway)

.take a look at the logic for the blocker script; you'll understand why
scripting rules for Enterprise environments can get so hairy.

 Jim Harrison
 MCP(NT4, W2K), A+, Network+, PCG  http://www.microsoft.com/isaserver
 http://isaserver.org/Jim_Harrison
 http://isatools.org

 Read the help, books and articles!


------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com No.1
Exchange Server Resource Site: http://www.msexchange.org Windows
Security Resource Site: http://www.windowsecurity.com/ Network Security
Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx To unsubscribe send a blank email to
$subst('Email.Unsub')


------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com No.1
Exchange Server Resource Site: http://www.msexchange.org Windows
Security Resource Site: http://www.windowsecurity.com/ Network Security
Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
cismic@xxxxxxx To unsubscribe send a blank email to
$subst('Email.Unsub')


------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')


------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
tshinder@xxxxxxxxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')

Other related posts:

• » MS-Blast scripts
• » RE: MS-Blast scripts
• » RE: MS-Blast scripts
• » RE: MS-Blast scripts
• » Re: MS-Blast scripts
• » RE: MS-Blast scripts
• » RE: MS-Blast scripts
• » RE: MS-Blast scripts
• » RE: MS-Blast scripts
• » RE: MS-Blast scripts
• » RE: MS-Blast scripts
• » RE: MS-Blast scripts
• » RE: MS-Blast scripts
• » RE: MS-Blast scripts
• » Re: MS-Blast scripts
• » Re: MS-Blast scripts
• » Re: MS-Blast scripts
• » Re: MS-Blast scripts
• » Re: MS-Blast scripts
• » Re: MS-Blast scripts
• » Re: MS-Blast scripts
• » Re: MS-Blast scripts
• » Re: MS-Blast scripts
• » Re: MS-Blast scripts
• » Re: MS-Blast scripts
• » Re: MS-Blast scripts
• » Re: MS-Blast scripts
• » Re: MS-Blast scripts
• » Re: MS-Blast scripts
• » Re: MS-Blast scripts
• » Re: MS-Blast scripts

1. Home
2. isalist
3. Archive
4. 08-2003

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---