Drop the scalpel give me words.

Joseph

-----Original Message-----
From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx]
Sent: Wednesday, October 15, 2003 12:54 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] FW: VPN/Routing Hardware Solutions

AD: Get Thawte's New Step-by-Step SSL Guide for MSIIS: http://www.isaserver.org/thawte/

Hey everyone,

Here's a nice response I sent to some dunderhead on the Sunbelt software NTSYSADMIN list. Hope you enjoy it. I did :-)

Tom
www.isaserver.org/shinder

-----Original Message-----
From: Thomas W Shinder
Sent: Wednesday, October 15, 2003 2:48 AM
To: NT System Admin Issues
Subject: RE: VPN/Routing Hardware Solutions

Hi Don,

Until you learn about how ISA handles RPC, you're giving all USA admins a *very bad name*. Maybe you're leaning on firewall concepts you learned a decade ago, but things have changed a bit since then.

BTW -- I never said anything about publishing over HTTPS. If I did, please point that out.

PLEASE do your research! No wonder all the jobs are going over to India. I don't see this kind of poor research happen with my friends from over there, and I'm not even a fan of off-shoring.

You really need to research things before showing your ignorance and prejudice. Until you can give a cogent reason for ignorantly and blindly blocking the RPC port mapper (other than laziness and incompetence) then as we used to say back in the day "shut the pie hole".

HTH,
Tom
www.isaserver.org/shinder

-----Original Message-----
From: Ely, Don [mailto:dely@xxxxxxxxxxxxxxxxxx]
Sent: Monday, October 13, 2003 11:42 AM
To: NT System Admin Issues
Subject: RE: VPN/Routing Hardware Solutions

I believe you'd be incorrect... While the "Firewall for Dummies" or ISA Server as Thomas calls it makes it simpler to publish RPC over HTTP/S, all of the major firewall vendors would have still prevented the RPC attack if the firewall was configured properly.

-----Original Message-----
From: Stephen I. Woolhead [mailto:Stephen.Woolhead@xxxxxxxxxxxxxxxxxxxxxxx]
Sent: Monday, October 13, 2003 12:35 PM
To: NT System Admin Issues
Subject: RE: VPN/Routing Hardware Solutions

> -----Original Message-----
> From: Daniel Chenault [mailto:DanielC@xxxxxxxxxxxxxxxx]
> Sent: 12 October 2003 19:00
> To: NT System Admin Issues
> Subject: RE: VPN/Routing Hardware Solutions
>
> My $120 D-Link router here at the house handled the RPC/DCOM attacks with
> aplomb. I have the logs to prove it.

The difference, I think, is with ISA you could have published RPC from an un-patched internal Exchange server and ISA will protect it. A new feature of FR1 for ISA I believe especially for Exchange.

If you had published the same server via simple port forwarding, regardless if you used a Cisco or ISA, it (the Exchange server) would have been at risk from the RPC attack until it was patched.

Stephen.

Need a good FAQ? Try this one first: http://www.ultratech-llc.com/KB/
This Month Sponsored By: iHateSpam Server Edition: http://www.sunbelt-software.com/rd/rd.cfm?id=030501BA-iHateSpamServer