RE: No problem with Exchange RPC and RPC patch
- From: "Thomas W Shinder" <tshinder@xxxxxxxxxxxxxxxxxx>
- To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
- Date: Mon, 18 Aug 2003 11:41:22 -0500
Hi John,
I think its a reasonable idea in general, but they need to allow
outbound access on a more granular basis for those home workers that
need outbound access to Exchange. But, I see that the problem is that
the home workers, unless they use a business account, they don't have a
static address, so it makes it difficult to allow that user outbound
access. Moral of the story? There isn't one :-)
Thanks!
Tom
Thomas W Shinder
www.isaserver.org/shinder <http://www.isaserver.org/shinder>
ISA Server and Beyond: http://tinyurl.com/1jq1
Configuring ISA Server: http://tinyurl.com/1llp
<http://tinyurl.com/1llp>
-----Original Message-----
From: John Tolmachoff (Lists)
[mailto:johnlist@xxxxxxxxxxxxxxxxxxx]
Sent: Monday, August 18, 2003 10:22 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: No problem with Exchange RPC and RPC
patch
http://www.ISAserver.org
Actually, I have no problem with an ISP block residential users
of that port for say, 3-5 days. But, at the same time, they should put
up a notice, AND, have an easy way for their users to get the patch and
the fixes quickly.
Example, I have helped 2 friends by burning the patch onto a CD
along with the Symantec clean program and updated virus definitions
because they could not get online long enough to download.
John Tolmachoff MCSE CSSA
Engineer/Consultant
eServices For You
www.eservicesforyou.com
-----Original Message-----
From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx]
Sent: Monday, August 18, 2003 8:12 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: No problem with Exchange RPC and RPC
patch
http://www.ISAserver.org
Hi Jeff,
Yes, I'm painfully aware of this situation. Its a very sad state
of affairs. I wonder what going to happen when the dirtbags figure out
how to tunnel these exploits using TCP 80, 443 and 25? They going to
shut down those ports too? IMHO, they're very ill advised by blocking
TCP 135.
Thanks for the update!
Tom
Thomas W Shinder
www.isaserver.org/shinder <http://www.isaserver.org/shinder>
ISA Server and Beyond: http://tinyurl.com/1jq1
Configuring ISA Server: http://tinyurl.com/1llp
<http://tinyurl.com/1llp>
-----Original Message-----
From: Jeff Sloan [mailto:jsloan@xxxxxxxxxxxx]
Sent: Monday, August 18, 2003 10:02 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: No problem with Exchange RPC and
RPC patch
http://www.ISAserver.org
I learned late Fri night that Earthlink IS BLOCKING PORT
135.
After several calls to Earthlink direct and to some of
their actual router guys that service the dial up locations, they all
assured me that they were not blocking ports, or at least were not aware
of it.
Then after a long conversation with a supervisor of
their satellite division, the supervisor admitted they WERE blocking
port 135.
The reason makes sense, but it still kills businesses
using Exchange over the internet.
He said customers could not get the update because their
machines would keep locking up or rebooting, so temporarily they are
blocking the port until the attacks die down and users have a chance to
update.
Also, a check on the MS Exchange bulletin boards
confirms that other ISPs are blocking it as well, and the only way
around it is to set up VPNs to tunnel through in order for Exchange to
work.
My problem with that is that my salesmen connecting on
sorry hotel phone systems and satellite connections have ping rates that
are way to slow and on average at least half of the pings to anywhere
fail.
So we are not able to VPN either.
Now, even if Earthlink stops blocking 135, others may
not, and the ISP industry outsources, or resells their equipment to
others, so some little 'po dunk' ISP that continues to block 135 could
adversely affect connectivity should their routers happen to be in the
path between my users and my network here.
As far as other ISPs we could use, we are a small town
that has only one choice for internet service, and that is Earthlink,
and it just so happens that their equipment is in my office.
Anyway, thought some of you might like to know what may
be going on.
Jeff Sloan
Network Administrator
Cross Oil Refining & Marketing, Inc.
484 E. 6th St.
Smackover, AR 71762
Phone 870-864-8688
Fax 870-864-8689
Cell 870-866-9941
------------------------------------------------------
List Archives:
http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter:
http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ:
http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion
List as: johnlist@xxxxxxxxxxxxxxxxxxx
To unsubscribe send a blank email to
$subst('Email.Unsub')
------------------------------------------------------
List Archives:
http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter:
http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ:
http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion
List as: tshinder@xxxxxxxxxxxxxxxxxx
To unsubscribe send a blank email to
$subst('Email.Unsub')
Other related posts:
