RE: Port 1433 outbound from my Firewall...?

  • From: Jim Harrison <jim@xxxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Tue, 05 Oct 2004 06:47:01 -0700

What did you find in your logs?

  Jim Harrison
  MCP(NT4, W2K), A+, Network+, PCG
  http://isaserver.org/Jim_Harrison/
  http://isatools.org
  Read the help / books / articles!


On Tue, 5 Oct 2004 15:12:51 +0200
 "William Robertson" <robertson.william@xxxxxxxxxxxxxx> wrote:
http://www.ISAserver.org

Unluckily I am still running on ISA2K...

-----Original Message-----
From: Jim Harrison [mailto:jim@xxxxxxxxxxxx] 
Sent: 04 October 2004 04:26 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Port 1433 outbound from my Firewall...?


It's unlikely that the ISA MSDE could get infected unless it's been
reconfigured to listen on one or more interfaces.
By default, ISA MSDE is not bound to any interface; it's strictly
memory-mapped networking on the box.

  Jim Harrison
  MCP(NT4, W2K), A+, Network+, PCG
  http://isaserver.org/Jim_Harrison/
  http://isatools.org
  Read the help / books / articles!


On Mon, 4 Oct 2004 08:47:46 -0500
 "Quillman Shawn (RBNA/CSA1) *" <Shawn.Quillman@xxxxxxxxxxxx> wrote:


This ISA 2004 (MSDE doing the logging)?  If so I'm guessing your ISA is
infected.  But at least it ain't getting your internal network :)  If
you can, reboot your ISA and see if the problem goes away for a period
of time.  Then patch your box.  Slammer is only memory resident and
doesn't write files so an infection will go away with a reboot (until it
gets infected again).

-Shawn

-----
Shawn R. Quillman
Robert Bosch Corporation RBNA/CSA1
38000 Hills Tech Drive
Farmington Hills, MI 48331
(248) 553-1164 (P) (248) 848-6969 (F)
shawn.quillman@xxxxxxxxxxxx

-----Original Message-----
From: William Robertson [mailto:robertson.william@xxxxxxxxxxxxxx] 
Sent: Monday, October 04, 2004 9:19 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] Port 1433 outbound from my Firewall...?


Hi there

I am seeing something strange, and would appreciate some comment on this
please...

I have noticed an ever-increasing amount of UDP:1433 traffic in my Packet
Filter Log, the bugger is that my ISA's external IP Address is shown as the
source address. My semi-conclusion at this stage is that I may have a SQL
Slammer infected server/workstation in my midst, but I would appreciate any
and all analysis of the following excerpt (BTW, the destination IP Address
range varies quite immensely)

10/4/2004, 15:12:08, <ISA Ext NIC>, 5.0.255.19, Udp, 1434, 137, -, BLOCKED, <ISA Ext NIC>, -, -
10/4/2004, 15:12:16, <ISA Ext NIC>, 0.0.255.19, Udp, 1433, 137, -, BLOCKED, <ISA Ext NIC>, -, -
10/4/2004, 15:12:16, <ISA Ext NIC>, 0.0.255.19, Udp, 1434, 137, -, BLOCKED, <ISA Ext NIC>, -, -
10/4/2004, 15:12:19, <ISA Ext NIC>, 0.0.255.19, Udp, 1433, 137, -, BLOCKED, <ISA Ext NIC>, -, -
10/4/2004, 15:12:19, <ISA Ext NIC>, 0.0.255.19, Udp, 1434, 137, -, BLOCKED, <ISA Ext NIC>, -, -
10/4/2004, 15:12:21, <ISA Ext NIC>, 0.0.255.19, Udp, 1433, 137, -, BLOCKED, <ISA Ext NIC>, -, -
10/4/2004, 15:12:21, <ISA Ext NIC>, 0.0.255.19, Udp, 1434, 137, -, BLOCKED, <ISA Ext NIC>, -, -

Thanks
William R.


------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
shawn.quillman@xxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
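
A triage sketch for the excerpt in the original post, added here as an example and not written by any participant in the thread: it parses the packet filter records and groups outbound packets by protocol, source port and destination port, counting distinct destinations per group. The column order (source port before destination port) and the names `parse`, `summarize` and `slammer_like` are assumptions.

```python
import csv
from collections import Counter, defaultdict

# Column order is an assumption inferred from the excerpt in the post:
# date, time, source, destination, protocol, source port, destination port,
# TCP flags, action, interface, header, payload.
FIELDS = ["date", "time", "src", "dst", "proto", "sport", "dport",
          "flags", "action", "iface", "header", "payload"]

# The excerpt from the original post, with each wrapped record rejoined.
SAMPLE = """\
10/4/2004, 15:12:08, <ISA Ext NIC>, 5.0.255.19, Udp, 1434, 137, -, BLOCKED, <ISA Ext NIC>, -, -
10/4/2004, 15:12:16, <ISA Ext NIC>, 0.0.255.19, Udp, 1433, 137, -, BLOCKED, <ISA Ext NIC>, -, -
10/4/2004, 15:12:16, <ISA Ext NIC>, 0.0.255.19, Udp, 1434, 137, -, BLOCKED, <ISA Ext NIC>, -, -
10/4/2004, 15:12:19, <ISA Ext NIC>, 0.0.255.19, Udp, 1433, 137, -, BLOCKED, <ISA Ext NIC>, -, -
10/4/2004, 15:12:19, <ISA Ext NIC>, 0.0.255.19, Udp, 1434, 137, -, BLOCKED, <ISA Ext NIC>, -, -
10/4/2004, 15:12:21, <ISA Ext NIC>, 0.0.255.19, Udp, 1433, 137, -, BLOCKED, <ISA Ext NIC>, -, -
10/4/2004, 15:12:21, <ISA Ext NIC>, 0.0.255.19, Udp, 1434, 137, -, BLOCKED, <ISA Ext NIC>, -, -
"""

def parse(text):
    """Yield one dict per well-formed record; skip blank, short or non-numeric lines."""
    for row in csv.reader(text.splitlines(), skipinitialspace=True):
        if len(row) == len(FIELDS):
            rec = dict(zip(FIELDS, (c.strip() for c in row)))
            if rec["sport"].isdigit() and rec["dport"].isdigit():
                rec["sport"], rec["dport"] = int(rec["sport"]), int(rec["dport"])
                yield rec

def summarize(text, local="<ISA Ext NIC>"):
    """Group records sourced from `local` by (proto, sport, dport)."""
    hits, dests = Counter(), defaultdict(set)
    for r in parse(text):
        if r["src"] != local:
            continue
        key = (r["proto"].upper(), r["sport"], r["dport"])
        hits[key] += 1
        dests[key].add(r["dst"])
    return {k: {"packets": n, "destinations": len(dests[k])} for k, n in hits.items()}

def slammer_like(summary):
    """Slammer probes are sent *to* UDP 1434, so test the destination port."""
    return [k for k in summary if k[0] == "UDP" and k[2] == 1434]
```

Under the assumed column order, the excerpt yields two groups, both with destination port 137 and source ports 1433 and 1434, so `slammer_like` returns an empty list for it.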



