RE: Do I have it?
- From: "Mike Malter" <mike@xxxxxxxxxxxxxx>
- To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
- Date: Mon, 3 May 2004 19:10:36 -0700
I have a team of developers around the bay area VPN'ing in to code and
qa. I do not understand what the volume of this traffic means. Why
would I be trying to talk to 1000's of computers? Many of the entries
go into the hundreds where I am doing hundreds of transmissions to the
same IP but with a different Param#1 port but always with Param#2 at
137. One of these was over 700 transmissions.
Any thoughts?
Mike Malter
(415) 479-1968 Office
(415) 309-4637 Mobile
(415) 462-2941 FAX
_____
From: Anthony Michaud [mailto:anthonym@xxxxxxxxxxxxxx]
Sent: Monday, May 03, 2004 6:33 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Do I have it?
http://www.ISAserver.org
You're blocking SMB traffic. Generally a good thing if you've got
external computers talking to you or you trying to talk to external
computers.
Anthony.
-----Original Message-----
From: Mike Malter [mailto:mike@xxxxxxxxxxxxxx]
Sent: Tuesday, 4 May 2004 11:34
To: [ISAserver.org Discussion List]
Subject: [isalist] Do I have it?
http://www.ISAserver.org
I have been checking our packet filter logs and am seeing TONS
of traffic like this:
The Source IP is one of the addresses on the public NIC in the
ISA box.
Source
Destination Protocol Param#1
Param#2
64.175.22.129 66.216.74.58
Udp 1344 137
64.175.22.129 66.216.74.58
Udp 1343 137
In the Microsoft bulletin it says to block the following at the
firewall:
UDP ports 135, 137, 138, and 445, and TCP ports 135, 139, 445,
and 593
I ran the checker from the MS site yesterday on my ISA box, and
it said I did not have the Sasser worm. Everybody else is behind the
firewall. I also ran the script from ISATools on my ISA box too.
Thoughts?
Thanks.
Mike Malter
(415) 479-1968 Office
(415) 309-4637 Mobile
(415) 462-2941 FAX
------------------------------------------------------
List Archives:
http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter:
http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ:
http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion
List as: anthonym@xxxxxxxxxxxxxx
To unsubscribe send a blank email to
$subst('Email.Unsub')
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
mike@xxxxxxxxxxxxxx
To unsubscribe send a blank email to
$subst('Email.Unsub')
Other related posts:
