Scott Just get up to speed with ISA. It *can* be a beyotch sometimes, but I would NOT trade it for any hardware firewall. And (cringe) I'm still on ISA 2000. On 5/5/05, Clarke, Scott <Scott.Clarke@xxxxxxxxxxxx> wrote: > http://www.ISAserver.org > > I know! > > Unfortunately I was not hired before the infrastructure was in place...thus > I'm stuck with ISA. Do you all think it's a good idea to block ports related > to the trojan? > > -----Original Message----- > From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] > Sent: Thursday, May 05, 2005 4:06 PM > To: [ISAserver.org Discussion List] > Subject: [isalist] RE: Being Attacked...HELPED > > http://www.ISAserver.org > > It must not have been a "hardware firewall", you know that they're more > secure than ISA :) > > Tom > www.isaserver.org/shinder > Tom and Deb Shinder's Configuring ISA Server 2004 > http://tinyurl.com/3xqb7 > MVP -- ISA Firewalls > > -----Original Message----- > From: Clarke, Scott [mailto:Scott.Clarke@xxxxxxxxxxxx] > Sent: Thursday, May 05, 2005 1:32 PM > To: [ISAserver.org Discussion List] > Subject: [isalist] RE: Being Attacked...HELPED > > http://www.ISAserver.org > > I have noticed that the initial attack had come from one of our test > networks that unfortunately had the fw wide open. I have since closed > it up. > > I haven't seen any more attacks now for about an hour now. Thanks for > all the help..will keep you updated. > > Scott > > -----Original Message----- > From: Ball, Dan [mailto:DBall@xxxxxxxxxxx] > Sent: Thursday, May 05, 2005 3:52 PM > To: [ISAserver.org Discussion List] > Subject: [isalist] RE: Being Attacked...HELPED > > http://www.ISAserver.org > > Not much to that one, if that is what it is... > http://securityresponse.symantec.com/avcenter/venc/data/w32.dos.trinoo.h > tml > > -----Original Message----- > From: Danny [mailto:nocmonkey@xxxxxxxxx] > Sent: Thursday, May 05, 2005 14:13 > To: [ISAserver.org Discussion List] > Subject: [isalist] RE: Being Attacked...HELPED > > http://www.ISAserver.org > > On 5/5/05, Clarke, Scott <Scott.Clarke@xxxxxxxxxxxx> wrote: > > Easier said than done. We have 26 branch offices with their own > routers/switches. Is there > > a removal/detection tool for Trinoo because I believe the infection is > here at our main office? > > Why do you think it is Trinoo? If your AV software detected, then it > should be quite capable of removing it. Patch your systems, ASAP. > > Delete C:\WINDOWS\SYSTEM\service.exe AND > HKLM\Software\Microsoft\Windows\CurrentVersion\Run\"System > Services"="service.exe" > > ...D > > ------------------------------------------------------ > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > ------------------------------------------------------ > Other Internet Software Marketing Sites: > World of Windows Networking: http://www.windowsnetworking.com > Leading Network Software Directory: http://www.serverfiles.com > No.1 Exchange Server Resource Site: http://www.msexchange.org > Windows Security Resource Site: http://www.windowsecurity.com/ > Network Security Library: http://www.secinf.net/ > Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org Discussion List as: > scott.clarke@xxxxxxxxxxxx > To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist > Report abuse to listadmin@xxxxxxxxxxxxx > > ------------------------------------------------------ > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > ------------------------------------------------------ > Other Internet Software Marketing Sites: > World of Windows Networking: http://www.windowsnetworking.com > Leading Network Software Directory: http://www.serverfiles.com > No.1 Exchange Server Resource Site: http://www.msexchange.org > Windows Security Resource Site: http://www.windowsecurity.com/ > Network Security Library: http://www.secinf.net/ > Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org Discussion List as: > tshinder@xxxxxxxxxxxxxxxxxx > To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist > Report abuse to listadmin@xxxxxxxxxxxxx > > ------------------------------------------------------ > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > ------------------------------------------------------ > Other Internet Software Marketing Sites: > World of Windows Networking: http://www.windowsnetworking.com > Leading Network Software Directory: http://www.serverfiles.com > No.1 Exchange Server Resource Site: http://www.msexchange.org > Windows Security Resource Site: http://www.windowsecurity.com/ > Network Security Library: http://www.secinf.net/ > Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org Discussion List as: > scott.clarke@xxxxxxxxxxxx > To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist > Report abuse to listadmin@xxxxxxxxxxxxx > > ------------------------------------------------------ > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > ------------------------------------------------------ > Other Internet Software Marketing Sites: > World of Windows Networking: http://www.windowsnetworking.com > Leading Network Software Directory: http://www.serverfiles.com > No.1 Exchange Server Resource Site: http://www.msexchange.org > Windows Security Resource Site: http://www.windowsecurity.com/ > Network Security Library: http://www.secinf.net/ > Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org Discussion List as: > kavalec@xxxxxxxxx > To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist > Report abuse to listadmin@xxxxxxxxxxxxx > -- G. Waleed Kavalec ------------------------------- Copyright: G. Waleed Kavalec 2005 This message may be resent and/or repuplished provided the content and this notice are kept intact.