Re: Blocking w32.blaster.worm?
- From: "Thomas W Shinder" <tshinder@xxxxxxxxxxxxxxxxxx>
- To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
- Date: Tue, 12 Aug 2003 11:27:18 -0500
Hi Brian,
That should read:
"I've got no problem with that"
:-)
Thanks!
Tom
Thomas W Shinder
www.isaserver.org/shinder <http://www.isaserver.org/shinder>
ISA Server and Beyond: http://tinyurl.com/1jq1
Configuring ISA Server: http://tinyurl.com/1llp
<http://tinyurl.com/1llp>
-----Original Message-----
From: Thomas W Shinder
Sent: Tuesday, August 12, 2003 10:58 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: Blocking w32.blaster.worm?
http://www.ISAserver.org
Hi Brian,
If you don't need it, close it. I've got to problem with that.
But I have a lot of people using Exchange RPC publishing rules to access
the Exchange Servers from on the road. These folks are safe, but
authoritative sources say thou shalt close TCP 135 without consideration
of the fact that at least one firewall (and the only one that I know of)
protects you from the exploit. Of course the Exchange servers were the
first ones to be patched and are the ones monitored most closely, but
that's always the case.
But, if you don't need the service that port services, close it.
Thats always wise advice and consistent with the principle of least
privilege.
HTH,
Tom
Thomas W Shinder
www.isaserver.org/shinder <http://www.isaserver.org/shinder>
ISA Server and Beyond: http://tinyurl.com/1jq1
Configuring ISA Server: http://tinyurl.com/1llp
<http://tinyurl.com/1llp>
Other related posts:
