Re: Problem accessing Exchange Server remotely using Outlook

  • From: "Jamie A. Byrnes" <jabyrnes@xxxxxxxxxxxxxxxxx>
  • To: "[ExchangeList]" <exchangelist@xxxxxxxxxxxxx>
  • Date: Fri, 15 Aug 2003 10:02:04 +0930

Hi Guys,
sorry to butt in, but I think some of you are missing an important
Firstly, the blaster worm (which I was fortunate enough to be blessed
with) attacks the DCOM service utilizing the RPC protocol. This seems
easy enough, but note that IN THIS CASE it is the DCOM service that is
vulnerable, RPC is simply the carrying protocol. The point is however
that RPC (on port 135) can be used to get to a number of other services
directly and therefore should NEVER be accessable from the dirty side of
the firewall - EVER! If you want to use IMAP services remotely you
should always be using a VPN. OWA was invented for those who don't want
to, or can't use VPNs.
How did I get infected then you might ask? One of those "CEO thinks
personal firewall on his laptop is stopping his net so disables it,
infects laptop, brings to work and plugs in" jobs. Some things you just
can't stop...
But back to Craigs problem. ISPs at the start of the year, for the first
time ever, concertively blocked the SQL port used by slammer in the
belief that no organization should be running that service across the
net, and it would stop slammer. Worked great, until they turned it off.
They're now doing the same for blaster, but only for a few days.
Consider it a grace period to get your house in order. MSBA is a good
place to start, or pay for something better if you can afford it.
I recommend the NTBUGTRAQ list for learning more about these
vulnerabilities as they arrive - about half of the vulnerabilities
affecting MS products are first disclosed there. And as Russ Cooper,
moderator of the list says, default deny is the golden rule of
connecting to the net.

        -----Original Message-----
        From: Craig Weil [mailto:craig_weil@xxxxxxxxxxx] 
        Sent: Friday, 15 August 2003 9:17 AM
        To: [ExchangeList]
        Subject: [exchangelist] Re: Problem accessing Exchange Server
remotely using Outlook
        Thanks for the info Steve,
        Turns out that the patch we used doesn't block port 135, but
SBC, Cox Communications, and perhaps thousands of independent ISPs have
now blocked port 135 traffic from their bandwidth.  That is the root of
our evil anyway.  Looks like I'll be spending some time discovering how
to run IMAP across multiple sites.

                ----- Original Message ----- 
                From: Steve Moffat
                To: [ExchangeList] <mailto:exchangelist@xxxxxxxxxxxxx>  
                Sent: Thursday, August 14, 2003 3:24 PM
                Subject: [exchangelist] Re: Problem accessing Exchange
Server remotely using Outlook

                The patch blocks port 135...:((

Other related posts: