Do I have it?

  • From: "Mike Malter" <mike@xxxxxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Mon, 3 May 2004 18:34:08 -0700

I have been checking our packet filter logs and am seeing TONS of
traffic like this:
 
The Source IP is one of the addresses on the public NIC in the ISA box.
 
Source                                    Destination
Protocol                 Param#1               Param#2
64.175.22.129                      66.216.74.58
Udp                        1344                       137     
64.175.22.129                      66.216.74.58
Udp                        1343                       137     
 
In the Microsoft bulletin it says to block the following at the
firewall:
UDP ports 135, 137, 138, and 445, and TCP ports 135, 139, 445, and 593
 
I ran the checker from the MS site yesterday on my ISA box, and it said
I did not have the Sasser worm.  Everybody else is behind the firewall.
I also ran the script from ISATools on my ISA box too.
 
Thoughts?
 
Thanks.
 
Mike Malter
(415) 479-1968 Office
(415) 309-4637 Mobile
(415) 462-2941 FAX
 

Other related posts: