This is the best description I've seen so far. http://www.eeye.com/html/Research/Advisories/AL20030811.html Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://www.microsoft.com/isaserver http://isaserver.org/Jim_Harrison http://isatools.org Read the help, books and articles! ----- Original Message ----- From: "Matthew Bunce" <isa.mailinglist@xxxxxxxxxxxx> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> Sent: Tuesday, August 12, 2003 06:10 Subject: [isalist] Blocking w32.blaster.worm? http://www.ISAserver.org I have done all I can to secure my internal network, patching everything that even looks like a computer (believe me the toaster did not like having a CD with the patch on it inserted!) VPN has been suspended until futher notice while we make sure that all our partners are secured and patched and all laptops are being checked in a sandbox enviroment until we are sure they are clean. What ports on our external ISA can I block to stop incoming/outgoing activity by this worm if for any reason we have an infection? Will failed connections to RPC on the ISA cause any DoS? Is there anything I can do to limit the damage of an infection coming in via VPN? Are there port filters I can apply to VPN traffic? Many thanks. Matthew Bunce Kluster (UK) Limited ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')