RE: Do I have it?

  • From: "Anthony Michaud" <anthonym@xxxxxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Tue, 4 May 2004 11:33:24 +1000

You're blocking SMB traffic.  Generally a good thing if you've got external 
computers talking to you or you trying to talk to external computers.
 
Anthony.
-----Original Message-----
From: Mike Malter [mailto:mike@xxxxxxxxxxxxxx]
Sent: Tuesday, 4 May 2004 11:34
To: [ISAserver.org Discussion List]
Subject: [isalist] Do I have it?


http://www.ISAserver.org

I have been checking our packet filter logs and am seeing TONS of traffic like 
this:
 
The Source IP is one of the addresses on the public NIC in the ISA box.
 
Source                                    Destination                           
Protocol                 Param#1               Param#2
64.175.22.129                      66.216.74.58                        Udp      
                  1344                       137     
64.175.22.129                      66.216.74.58                        Udp      
                  1343                       137     
 
In the Microsoft bulletin it says to block the following at the firewall:
UDP ports 135, 137, 138, and 445, and TCP ports 135, 139, 445, and 593
 
I ran the checker from the MS site yesterday on my ISA box, and it said I did 
not have the Sasser worm.  Everybody else is behind the firewall.  I also ran 
the script from ISATools on my ISA box too.
 
Thoughts?
 
Thanks.
 
Mike Malter
(415) 479-1968 Office
(415) 309-4637 Mobile
(415) 462-2941 FAX
 
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as: 
anthonym@xxxxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')

Other related posts:

  1. Home
  2. isalist
  3. Archive
  4. 05-2004