RE: How to limit and deny worm traffic out
- From: "Thomas W Shinder" <tshinder@xxxxxxxxxxxxxxxxxx>
- To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
- Date: Thu, 9 Oct 2003 10:28:42 -0500
Hi Shane,
The fix is to clean the machines from the worm and stop all outbound
access until you get things cleaned up.
HTH,
Tom
Thomas W Shinder
www.isaserver.org/shinder
ISA Server and Beyond: http://tinyurl.com/1jq1
Configuring ISA Server: http://tinyurl.com/1llp
-----Original Message-----
From: shane mullins [mailto:tsmullins@xxxxxxxxxxxxxx]
Sent: Thursday, October 09, 2003 10:16 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] How to limit and deny worm traffic out
http://www.ISAserver.org
Many of our XP and 2000 machines recently picked up the Welchia and
Nachi
bugs. The really big problem was the amount of dns requests out. I
followed the MS solution to deny port 135, 139, 445, 593, 3333, 4444,
and 69
out. My question is how do I prevent all of the DNS queries out?
Shane
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
tshinder@xxxxxxxxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
Other related posts:
