RE: Being Attacked...HELPED
- From: "Steve Moffat" <steve@xxxxxxxxxx>
- To: "ISA Mailing List" <isalist@xxxxxxxxxxxxx>
- Date: Thu, 5 May 2005 17:03:45 -0300
Amy's getting as bad as us now!!!!!!!
S
-----Original Message-----
From: Amy Babinchak [mailto:amy@xxxxxxxxxxxxxxxxxxxxxxxxxx]
Sent: Thursday, May 05, 2005 3:51 PM
To: ISA Mailing List
Subject: [isalist] RE: Being Attacked...HELPED
http://www.ISAserver.org
LOL! Oh, this is great!
Amy
Harbor Computer Services
Small Business Computer Specialists
Client Blog: http://smalltechnotes.blogspot.com/
Tech Blog: http://isainsbs.blogspot.com/
Help: http://helpdesk.harborcomputerservices.net/
Website: http://www.harborcomputerservices.net/
-----Original Message-----
From: Clarke, Scott [mailto:Scott.Clarke@xxxxxxxxxxxx]
Sent: Thursday, May 05, 2005 2:45 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Being Attacked...HELPED
http://www.ISAserver.org
I know!
Unfortunately I was not hired before the infrastructure was in
place...thus I'm stuck with ISA. Do you all think it's a good idea to
block ports related to the trojan?
-----Original Message-----
From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx]
Sent: Thursday, May 05, 2005 4:06 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Being Attacked...HELPED
http://www.ISAserver.org
It must not have been a "hardware firewall", you know that they're more
secure than ISA :)
Tom
www.isaserver.org/shinder
Tom and Deb Shinder's Configuring ISA Server 2004
http://tinyurl.com/3xqb7
MVP -- ISA Firewalls
-----Original Message-----
From: Clarke, Scott [mailto:Scott.Clarke@xxxxxxxxxxxx]
Sent: Thursday, May 05, 2005 1:32 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Being Attacked...HELPED
http://www.ISAserver.org
I have noticed that the initial attack had come from one of our test
networks that unfortunately had the fw wide open. I have since closed
it up.
I haven't seen any more attacks now for about an hour now. Thanks for
all the help..will keep you updated.
Scott
-----Original Message-----
From: Ball, Dan [mailto:DBall@xxxxxxxxxxx]
Sent: Thursday, May 05, 2005 3:52 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Being Attacked...HELPED
http://www.ISAserver.org
Not much to that one, if that is what it is...
http://securityresponse.symantec.com/avcenter/venc/data/w32.dos.trinoo.h
tml
-----Original Message-----
From: Danny [mailto:nocmonkey@xxxxxxxxx]
Sent: Thursday, May 05, 2005 14:13
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Being Attacked...HELPED
http://www.ISAserver.org
On 5/5/05, Clarke, Scott <Scott.Clarke@xxxxxxxxxxxx> wrote:
> Easier said than done. We have 26 branch offices with their own
routers/switches. Is there
> a removal/detection tool for Trinoo because I believe the infection is
here at our main office?
Why do you think it is Trinoo? If your AV software detected, then it
should be quite capable of removing it. Patch your systems, ASAP.
Delete C:\WINDOWS\SYSTEM\service.exe AND
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\"System
Services"="service.exe"
...D
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com Leading
Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org Windows
Security Resource Site: http://www.windowsecurity.com/ Network Security
Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
scott.clarke@xxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com Leading
Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org Windows
Security Resource Site: http://www.windowsecurity.com/ Network Security
Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
tshinder@xxxxxxxxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com Leading
Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org Windows
Security Resource Site: http://www.windowsecurity.com/ Network Security
Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
scott.clarke@xxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com Leading
Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org Windows
Security Resource Site: http://www.windowsecurity.com/ Network Security
Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
amy@xxxxxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com Leading
Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org Windows
Security Resource Site: http://www.windowsecurity.com/ Network Security
Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
isalist@xxxxxxxxxx To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
The correct technical term for haggis stalking is "havering".
Other related posts:
