RE: Port 1433 outbound from my Firewall...?

• From: "Quillman Shawn (RBNA/CSA1) *" <Shawn.Quillman@xxxxxxxxxxxx>
• To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
• Date: Mon, 4 Oct 2004 08:47:46 -0500

This ISA 2004 (MSDE doing the logging)?  If so I'm guessing your ISA is
infected.  But at least it ain't getting' your internal network :)  If
you can, reboot your ISA and see if the problem goes away for a period
of time.  Then patch your box.  Slammer is only memory resident and
doesn't write files so an infection will go away with a reboot (until it
gets infected again).

-Shawn

-----
Shawn R. Quillman
Robert Bosch Corporation RBNA/CSA1
38000 Hills Tech Drive
Farmington Hills, MI 48331
(248) 553-1164 (P) (248) 848-6969 (F)
shawn.quillman@xxxxxxxxxxxx

-----Original Message-----
From: William Robertson [mailto:robertson.william@xxxxxxxxxxxxxx] 
Sent: Monday, October 04, 2004 9:19 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] Port 1433 outbound from my Firewall...?

http://www.ISAserver.org

Hi there

I am seeing something strange, and would appreciate some comment on this
please...

I have noticed an ever-increasing amount of UDP:1433 traffic in my
Packet
Filter Log, the bugger is that my ISA's external IP Address is shown as
the
source address. My semi-conclusion at this stage is that I may have a
SQL
Slammer infected server/workstation in my midst, but I would appreciate
any
and all analysis of the following excerpt (BTW, the destination IP
Address
range varies quite immensely)

10/4/2004, 15:12:08, <ISA Ext NIC>, 5.0.255.19, Udp, 1434, 137, -,
BLOCKED,
<ISA Ext NIC>, -, -
10/4/2004, 15:12:16, <ISA Ext NIC>, 0.0.255.19, Udp, 1433, 137, -,
BLOCKED,
<ISA Ext NIC>, -, -
10/4/2004, 15:12:16, <ISA Ext NIC>, 0.0.255.19, Udp, 1434, 137, -,
BLOCKED,
<ISA Ext NIC>, -, -
10/4/2004, 15:12:19, <ISA Ext NIC>, 0.0.255.19, Udp, 1433, 137, -,
BLOCKED,
<ISA Ext NIC>, -, -
10/4/2004, 15:12:19, <ISA Ext NIC>, 0.0.255.19, Udp, 1434, 137, -,
BLOCKED,
<ISA Ext NIC>, -, -
10/4/2004, 15:12:21, <ISA Ext NIC>, 0.0.255.19, Udp, 1433, 137, -,
BLOCKED,
<ISA Ext NIC>, -, -
10/4/2004, 15:12:21, <ISA Ext NIC>, 0.0.255.19, Udp, 1434, 137, -,
BLOCKED,
<ISA Ext NIC>, -, -

Thanks
William R.


------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
shawn.quillman@xxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx

Other related posts:

• » Port 1433 outbound from my Firewall...?
• » Re: Port 1433 outbound from my Firewall...?
• » RE: Port 1433 outbound from my Firewall...?
• » RE: Port 1433 outbound from my Firewall...?
• » RE: Port 1433 outbound from my Firewall...?
• » RE: Port 1433 outbound from my Firewall...?
• » RE: Port 1433 outbound from my Firewall...?
• » RE: Port 1433 outbound from my Firewall...?
• » RE: Port 1433 outbound from my Firewall...?
• » RE: Port 1433 outbound from my Firewall...?

1. Home
2. isalist
3. Archive
4. 10-2004

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---