On Wed, 13 Aug 2003 11:28:31 -0700, Chris Berry wrote: >>I was infected by MSBlast the other day and hit again while repairing >>it yet I was running Internet Connection Firewall (default config >>including logging and no services enabled) >> >>As Microsoft points out in MS03-026, "If you are using the Internet >>Connection Firewall in Windows XP or Windows Server 2003 to protect your >>Internet connection, it will by default block inbound RPC traffic from >>the Internet." >> >>Okay I should have patched anyway but the firewall should have >>protected me. I checked the settings while I was patching and was hit >>again... >> >>Logs show nothing at all. >> >>How was I infected? > >Because the built in XP firewall is about as effective as a pile of >spitwads. You should upgrade to zone alarm or IPCOP or somthing that has a >little more punch. Is running a software firewall on a server (DC?) really feasible? After allowing for okayed traffic I'd say it's pretty much open anyway (relatively speaking)... Anybody have insights on this issue? BW, Sorin # Sorin Srbu, Systems Engineer Web: http://www.farmfak.uu.se/organisk/ # Dept of Medicinal Chemistry, Phone: +46 (0)18-4714482 >> 5 signals >> GSM # Div of Org Pharm Chem, Mobile Phone: +46 (0)701-718023 # BMC, Box 574, Uppsala University Fax: +46 (0)18-4714474 # SE-751 23 Uppsala, Sweden Visit: BMC, Husargatan 3, D5:512b # # Public PGP key available on request. # # () ascii ribbon campaign - against html e-mail # /\ ******************************************************** This Week's Sponsor - RTO Software / TScale What's keeping you from getting more from your terminal servers? Did you know, in most cases, CPU Utilization IS NOT the single biggest constraint to scaling up?! Get this free white paper to understand the real constraints & how to overcome them. SAVE MONEY by scaling-up rather than buying more servers. http://www.rtosoft.com/Enter.asp?ID=148 ********************************************************** To Unsubscribe, set digest or vacation mode or view archives use the below link. http://thethin.net/win2000list.cfm