Re: ISA Server attacked by DOS from Bobax.

• From: "Jim Harrison" <jim@xxxxxxxxxxxx>
• To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
• Date: Thu, 20 May 2004 11:39:08 -0700

One of the drawbacks to the ISA 2000 design was the decision to "trust" the 
internal network.
You need to clean up your infected machines, because there's no policy you can 
set on the ISA to cause it to ignore this traffic; it 
MUST be evaluated...

 Jim Harrison
 MCP(NT4, W2K), A+, Network+, PCG
 http://www.microsoft.com/isaserver
 http://isaserver.org/Jim_Harrison
 http://isatools.org

 Read the help, books and articles!
----- Original Message ----- 
From: "Alfredo" <agms@xxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Thursday, May 20, 2004 09:48
Subject: [isalist] ISA Server attacked by DOS from Bobax.


http://www.ISAserver.org

I have an ISA Server 2000 fully updated with Windows Server 2003 and
Antivirus fully updated, but some of the PCs in the internal network
became infected with Bobax.C and generate a lot of traffic on ports
5000,135,445 which causing the ISA Server to block access to the Internet.
The Server by itself can navigate but any user in the internal net can
not.
I tried blocking traffic from this ports using a port access rule denying
traffic with these ports as destination, but still get wacked by the
virus traffic.
With only one PC with the virus active, the server won't let anyone to
navigate.
I wonder if this is normal behaviour of the ISA Server or I missing
something.
Any help would be greatly appreciated.

Regards,

Alfredo Medina
Universidad Francisco Marroquin
Guatemala

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as: 
jim@xxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')

Other related posts:

• » ISA Server attacked by DOS from Bobax.
• » Re: ISA Server attacked by DOS from Bobax.

1. Home
2. isalist
3. Archive
4. 05-2004

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---