Hi Shane, The fix is to clean the machines from the worm and stop all outbound access until you get things cleaned up. HTH, Tom Thomas W Shinder www.isaserver.org/shinder ISA Server and Beyond: http://tinyurl.com/1jq1 Configuring ISA Server: http://tinyurl.com/1llp -----Original Message----- From: shane mullins [mailto:tsmullins@xxxxxxxxxxxxxx] Sent: Thursday, October 09, 2003 10:16 AM To: [ISAserver.org Discussion List] Subject: [isalist] How to limit and deny worm traffic out http://www.ISAserver.org Many of our XP and 2000 machines recently picked up the Welchia and Nachi bugs. The really big problem was the amount of dns requests out. I followed the MS solution to deny port 135, 139, 445, 593, 3333, 4444, and 69 out. My question is how do I prevent all of the DNS queries out? Shane ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')