RE: Being Attacked...HELPED

• From: "G.Waleed Kavalec" <kavalec@xxxxxxxxx>
• To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
• Date: Thu, 5 May 2005 13:59:52 -0500

Scott

Just get up to speed with ISA.  It *can* be a beyotch sometimes, but I
would NOT trade it for any hardware firewall.

And (cringe) I'm still on ISA 2000.



On 5/5/05, Clarke, Scott <Scott.Clarke@xxxxxxxxxxxx> wrote:
> http://www.ISAserver.org
> 
> I know!
> 
> Unfortunately I was not hired before the infrastructure was in place...thus 
> I'm stuck with ISA.  Do you all think it's a good idea to block ports related 
> to the trojan?
> 
> -----Original Message-----
> From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx]
> Sent: Thursday, May 05, 2005 4:06 PM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: Being Attacked...HELPED
> 
> http://www.ISAserver.org
> 
> It must not have been a "hardware firewall", you know that they're more
> secure than ISA :)
> 
> Tom
> www.isaserver.org/shinder
> Tom and Deb Shinder's Configuring ISA Server 2004
> http://tinyurl.com/3xqb7
> MVP -- ISA Firewalls
> 
> -----Original Message-----
> From: Clarke, Scott [mailto:Scott.Clarke@xxxxxxxxxxxx]
> Sent: Thursday, May 05, 2005 1:32 PM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: Being Attacked...HELPED
> 
> http://www.ISAserver.org
> 
> I have noticed that the initial attack had come from one of our test
> networks that unfortunately had the fw wide open.  I have since closed
> it up.
> 
> I haven't seen any more attacks now for about an hour now.  Thanks for
> all the help..will keep you updated.
> 
> Scott
> 
> -----Original Message-----
> From: Ball, Dan [mailto:DBall@xxxxxxxxxxx]
> Sent: Thursday, May 05, 2005 3:52 PM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: Being Attacked...HELPED
> 
> http://www.ISAserver.org
> 
> Not much to that one, if that is what it is...
> http://securityresponse.symantec.com/avcenter/venc/data/w32.dos.trinoo.h
> tml
> 
> -----Original Message-----
> From: Danny [mailto:nocmonkey@xxxxxxxxx]
> Sent: Thursday, May 05, 2005 14:13
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: Being Attacked...HELPED
> 
> http://www.ISAserver.org
> 
> On 5/5/05, Clarke, Scott <Scott.Clarke@xxxxxxxxxxxx> wrote:
> > Easier said than done.  We have 26 branch offices with their own
> routers/switches.  Is there
> > a removal/detection tool for Trinoo because I believe the infection is
> here at our main office?
> 
> Why do you think it is Trinoo?  If your AV software detected, then it
> should be quite capable of removing it.  Patch your systems, ASAP.
> 
> Delete C:\WINDOWS\SYSTEM\service.exe  AND
> HKLM\Software\Microsoft\Windows\CurrentVersion\Run\"System
> Services"="service.exe"
> 
> ...D
> 
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Other Internet Software Marketing Sites:
> World of Windows Networking: http://www.windowsnetworking.com
> Leading Network Software Directory: http://www.serverfiles.com
> No.1 Exchange Server Resource Site: http://www.msexchange.org
> Windows Security Resource Site: http://www.windowsecurity.com/
> Network Security Library: http://www.secinf.net/
> Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion List as:
> scott.clarke@xxxxxxxxxxxx
> To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
> Report abuse to listadmin@xxxxxxxxxxxxx
> 
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Other Internet Software Marketing Sites:
> World of Windows Networking: http://www.windowsnetworking.com
> Leading Network Software Directory: http://www.serverfiles.com
> No.1 Exchange Server Resource Site: http://www.msexchange.org
> Windows Security Resource Site: http://www.windowsecurity.com/
> Network Security Library: http://www.secinf.net/
> Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion List as:
> tshinder@xxxxxxxxxxxxxxxxxx
> To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
> Report abuse to listadmin@xxxxxxxxxxxxx
> 
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Other Internet Software Marketing Sites:
> World of Windows Networking: http://www.windowsnetworking.com
> Leading Network Software Directory: http://www.serverfiles.com
> No.1 Exchange Server Resource Site: http://www.msexchange.org
> Windows Security Resource Site: http://www.windowsecurity.com/
> Network Security Library: http://www.secinf.net/
> Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion List as: 
> scott.clarke@xxxxxxxxxxxx
> To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
> Report abuse to listadmin@xxxxxxxxxxxxx
> 
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Other Internet Software Marketing Sites:
> World of Windows Networking: http://www.windowsnetworking.com
> Leading Network Software Directory: http://www.serverfiles.com
> No.1 Exchange Server Resource Site: http://www.msexchange.org
> Windows Security Resource Site: http://www.windowsecurity.com/
> Network Security Library: http://www.secinf.net/
> Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion List as: 
> kavalec@xxxxxxxxx
> To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
> Report abuse to listadmin@xxxxxxxxxxxxx
> 


-- 
 

G. Waleed Kavalec
-------------------------------
Copyright:  G. Waleed Kavalec 2005
This message may be resent and/or repuplished 
provided the content and this notice are kept intact.

Other related posts:

• » Being Attacked...HELPED
• » RE: Being Attacked...HELPED
• » RE: Being Attacked...HELPED
• » RE: Being Attacked...HELPED
• » RE: Being Attacked...HELPED
• » RE: Being Attacked...HELPED
• » RE: Being Attacked...HELPED
• » Re: Being Attacked...HELPED
• » RE: Being Attacked...HELPED
• » RE: Being Attacked...HELPED
• » RE: Being Attacked...HELPED
• » RE: Being Attacked...HELPED
• » RE: Being Attacked...HELPED
• » RE: Being Attacked...HELPED
• » RE: Being Attacked...HELPED
• » RE: Being Attacked...HELPED
• » RE: Being Attacked...HELPED
• » RE: Being Attacked...HELPED
• » RE: Being Attacked...HELPED
• » RE: Being Attacked...HELPED
• » RE: Being Attacked...HELPED
• » RE: Being Attacked...HELPED
• » RE: Being Attacked...HELPED
• » RE: Being Attacked...HELPED
• » RE: Being Attacked...HELPED
• » RE: Being Attacked...HELPED

1. Home
2. isalist
3. Archive
4. 05-2005

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---