RE: DNS Server dies after port 1434 attack
- From: "Robert Zeff" <rzeff@xxxxxxxxxx>
- To: "'[ISAserver.org Discussion List]'" <isalist@xxxxxxxxxxxxx>
- Date: Wed, 10 Dec 2003 14:00:26 -0800
> -----k
>
> http://www.ISAserver.org
>
> Hi Glen,
>
> Port 1434 is another port with SQL servers. I would look at
> the sql server if you have one, to make sure That it is
> patched correctly.
No SQL server here.
>
> Joseph
>
> -----Original Message-----
> From: Robert Zeff [mailto:rzeff@xxxxxxxxxx]
> Sent: Wednesday, December 10, 2003 1:27 PM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: DNS Server dies after port 1434 attack
>
>
> http://www.ISAserver.org
>
> Hi Glen,
> did you figure it out? Was it after an attack?
> In my case, BTW, if I disable the publishing rule, wait 5 minutes, and
> re-enable, it's food to go for another few days or weeks.
> -
>
>
> _____
>
> From: Glenn Maks [mailto:gmaks@xxxxxxxxx]
> Sent: Wednesday, December 10, 2003 1:10 PM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: DNS Server dies after port 1434 attack
>
>
> http://www.ISAserver.org
>
>
> Just an FYI to the group, My ISA also did the same but with
> published FTP services.
>
> -----Original Message-----
> From: Robert Zeff [mailto:rzeff@xxxxxxxxxx]
> Sent: Wednesday, December 10, 2003 9:22 AM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] DNS Server dies after port 1434 attack
>
>
> http://www.ISAserver.org
>
>
> I have another odd problem with ISA. I have a name server (IIS)
> on an
> internal box that answers to 192.168.254.30 & 31
>
> I am publishing this server on ISA for external ip addresses
> xx.xx.xx.226 &
> .227.
>
> Every day or two, sometimes two weeks, one of the publishing
> rules fails.
> There are no errors, it just quits forwarding the request. It
> seems like it
> always happens after an attack on port 1434. From our logs:
>
> 12/10/2003, 1:28:59, 66.77.132.210, xx.xx.xx.253, Udp, 1034,
> 1434, -,
> BLOCKED, xx.xx.xx.xx, -, -
> 12/10/2003, 1:30:30, 211.154.52.146, xx.xx.xx.228, Udp, 4529,
> 53, -,
> BLOCKED, xx.xx.xx.xx, -, -
>
> Any ideas?
>
> Thanks,
> -
> Robert
>
>
> ------------------------------------------------------
> List Archives:
> http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter:
> http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ:
> http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Other Internet Software Marketing Sites:
> Leading Network Software Directory: http://www.serverfiles.com
> No.1 Exchange Server Resource Site: http://www.msexchange.org
> Windows Security Resource Site: http://www.windowsecurity.com/
> Network Security Library: http://www.secinf.net/
> Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion
> List as: gmaks@xxxxxxxxx
> To unsubscribe send a blank email to
> $subst('Email.Unsub')
>
> ------------------------------------------------------
> List Archives:
> http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter:
> http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ:
> http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Other Internet Software Marketing Sites:
> Leading Network Software Directory: http://www.serverfiles.com
> No.1 Exchange Server Resource Site: http://www.msexchange.org
> Windows Security Resource Site: http://www.windowsecurity.com/
> Network Security Library: http://www.secinf.net/
> Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion
> List as: rzeff@xxxxxxxxxx
> To unsubscribe send a blank email to
> $subst('Email.Unsub')
>
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Other Internet Software Marketing Sites:
> Leading Network Software Directory: http://www.serverfiles.com No.1
> Exchange Server Resource Site: http://www.msexchange.org Windows
> Security Resource Site: http://www.windowsecurity.com/
> Network Security
> Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions:
> http://www.ntfaxfaq.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion List as:
> cismic@xxxxxxx To unsubscribe send a blank email to
> $subst('Email.Unsub')
>
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Other Internet Software Marketing Sites:
> Leading Network Software Directory: http://www.serverfiles.com
> No.1 Exchange Server Resource Site: http://www.msexchange.org
> Windows Security Resource Site: http://www.windowsecurity.com/
> Network Security Library: http://www.secinf.net/
> Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion
> List as: rzeff@xxxxxxxxxx
> To unsubscribe send a blank email to
> $subst('Email.Unsub')
>
Other related posts:
