RE: FW: RE: Is TCP 135 clamped down?

  • From: "Mark Hippenstiel" <M.Hippenstiel@xxxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Wed, 20 Aug 2003 00:16:27 +0200

yes: good idea ;)  I have to correct myself though: these settings expose
netbios services (137, 138, 139), NOT 135. Sorry for the confusion here.
I'm not aware that there are infection mechanisms making use of netbios.

 
You should also disable netbios in the tcp/ip settings. Read the article
I posted the link to. Have there been error messages in the eventlog
stating that the firewall service was unable to bind to certain ports?
 
Regarding the turning off of firewall clients, as I already said: this
has nothing to do with the protection of your network. Having said that,
I wonder how the virus got in. Let me sleep on it ;)
 
Mark
 

        -----Original Message-----
        From: Simon Weaver [mailto:Simon.Weaver@xxxxxxxx] 
        Posted At: Wednesday, August 20, 2003 12:34 AM
        Posted To: www.isaserver.org
        Conversation: [isalist] RE: Is TCP 135 clamped down?
        Subject: [isalist] FW: RE: Is TCP 135 clamped down?
        
        
        http://www.ISAserver.org
        
        
        Mark
        Just discovered on the External Interface "Client For MS
        Networks" was ticked as well as "File / Printer Sharing". I have
        now unticked this!
         
        Any comments? 
         
        Simon Weaver
        Technical Consultant
        MCSE+Internet / MCSE Windows 2000
        Integrated Solutions Corp. Ltd
        http://www.iscl.net

                -----Original Message-----
                From: Mark Hippenstiel [mailto:M.Hippenstiel@xxxxxxxxxxxx]
                Sent: 19 August 2003 21:18
                To: [ISAserver.org Discussion List]
                Subject: [isalist] RE: Is TCP 135 clamped down?
                
                Hi Simon,
                 
                sorry I don't quite understand your question, but it's
                late already. If you plug an infected system into the
                network and nothing is patched you'll end up having
                blaster on all your machines (including SBS/ISA).
                 
                Having the MS network client bound to the external
                interface exposes tcp 135 to the internet. Anyone correct
                me if that's wrong, that's what I recall. This could be
                another way for the virus to get in.
                 
                The virus gets into a system via port 135. As long as a
                system's not patched, it is vulnerable to the exploit. It
                doesn't matter if it's a server or workstation. Once
                infected, the machine will try to establish the virus on
                all machines on the same subnet.
                 
                I can't think of any other ways the virus could have got
                into the network. Well that's not exactly true, my mail
                scanner isolated an email with msblast.exe attached, but
                this was on purpose :) The virus itself does not contain
                a mass email element.
                 
                Hope I could help.
                Mark
                 
