even when they are outside they might use good guys inside as a relay. so patch for this netbios driver buffer overrun is necessary even when you trust people inside. -----Original Message----- From: Jim Harrison [mailto:jim@xxxxxxxxxxxx] Sent: Tuesday, September 03, 2002 3.51 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: DOS Vulnerability? http://www.ISAserver.org I would apply the patch anyway; the bad guys aren't always outside... To clarify Leighton's comment, you'd have to server-publish SMB to each internal client for them to be "hit" through ISA. Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://isaserver.org/pages/author_index.asp?aut=3 http://isatools.org Read the books! ----- Original Message ----- From: "Sheppard, Leighton" <leightonsheppard@xxxxxxxxxxxxxxx> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> Sent: Tuesday, September 03, 2002 6:02 AM Subject: [isalist] RE: DOS Vulnerability? http://www.ISAserver.org I suppose they are if SMB is opened through the ISA? The client machines would need patching. This mail was content checked for malicious code and viruses by GFI MailSecurity. GFI MailSecurity provides email content checking, exploit detection and anti-virus for Exchange & SMTP servers. Spam, viruses, dangerous attachments and offensive content are removed automatically. Key features include: Multiple virus engines; Email content & attachment checking; Exploit shield - email intrusion detection & defence; Email threats engine - analyses & defuses HTML scripts, .exe files & more. In addition to GFI MailSecurity, GFI also produces the GFI FAXmaker fax server & GFI LANguard network security product ranges. For more information on our products, please visit http://www.gfi.com. This disclaimer was sent by GFI MailEssentials for Exchange/SMTP.