http://www.ISAserver.org
Fact - humans can't hear while their mouth is running.
Several folks have (unsuccessfully) tried to point out that your
assertion is based on no:
1. fact presented by Umesh
2. fact presented by that website
3. combination of either or neither of them
Must
Learn
To
Ask
For
Relevant
Information
-----Original Message-----
From: thekevin@xxxxxxxxxxxx [mailto:thekevin@xxxxxxxxxxxx]
Sent: Thursday, June 30, 2005 8:16 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: ISA Server crashes
http://www.ISAserver.org
Like I said,I suspect his{the victim}ISA server to be misconfigured in
the
1st place;Server product possibly infected before install? His attempt
at
discovery with Stinger was doomed to fail. A corrupt registry ,being the
fruit of the firewall killer,could in turn be partially responsible for
the
ISA mis/dysfunctionality. No amount of "reconfiguration" will cure his
ills,that being the case.
I'm still curious about the Task Manager question.
thekevin
----- Original Message -----
From: "Ball, Dan" <DBall@xxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Thursday, June 30, 2005 9:57 PM
Subject: [isalist] Re: ISA Server crashes
http://www.ISAserver.org
I suggest you take a closer look at the link you provided. Yes, it
lists a lot of "Firewall Killer" Trojans. But, take a closer look at
what the website describes this as:
Quote:
Firewall Killer : Any hacker tool intended to disable a user's personal
firewall. Some will also disable resident anti-virus software.
Note the use of the phrase "user's personal firewall", which, by any
description, the ISA server is NOT. These are programs designed to
attack the home user, or employee workstation, they are NOT designed to
attack ISA servers. While they might have an effect, it won't be same
as on a workstation.
Note: A "properly configured" and "properly administrated" ISA server is
not susceptible to these trojans. The exception to this is some idiot
using the server as a workstation.
-----Original Message-----
From: thekevin@xxxxxxxxxxxx [mailto:thekevin@xxxxxxxxxxxx]
Sent: Thursday, June 30, 2005 8:51 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: ISA Server crashes
http://www.ISAserver.org
I just got through learning this scenario the hard way,for about 2
weeks.A total of 14- 17 fresh installs on 2 seperate machines which in
some
cases netted a trojan in the 1st 30 seconds of connectivity behind 2
isolated NAT routers.
The word is "prolific". I would have thought you "Black Hat" people
would
have beat me to the punch on this one,or any other reported ISA failure.
To
my knowledge,ISA has never been defeated at the External
interface,leaving
me to further believe that his{the victim} ISA server was/is
misconfigured
to begin with.
1.What causes ISA server to "crash" intermittently or regularly,every "4
hours"?
2.At the same time,generating a "Web Proxy Failure" entry in Event
Viewer?
Same scenario>Same Software>different location,3 weeks later.
The word is "parallel".
Take a look at what's waiting for us all.
http://www3.ca.com/securityadvisor/pest/browse.aspx?cat=Firewall%20Kille
r
Then take a look at the recommended course of action upon the discovery
of
infection.
3.Will ISA function with a corrupt registry?
4.What is the fastest way to acquire a clean registry?
5.Is this a DC that has possibly been compromised?
6.Is time = {lots of} money here?
Both the current victim and I,I'm sure, are open to constructive
suggestions
and analysis.
Thanks,
thekevin
----- Original Message -----
From: "Ball, Dan" <DBall@xxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Thursday, June 30, 2005 6:49 AM
Subject: [isalist] Re: ISA Server crashes
http://www.ISAserver.org
I believe that his point was that by simply hearing that the server is
hanging, you've already diagnosed it as a polymorphic trojan infection.
That is a bit (okay, more than a bit) premature.
If indeed it IS infected, your recommended course of action isn't as
far-fetched, but it is simply way too soon to jump to that conclusion.
-----Original Message-----
From: thekevin@xxxxxxxxxxxx [mailto:thekevin@xxxxxxxxxxxx]
Sent: Thursday, June 30, 2005 7:38 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: ISA Server crashes
http://www.ISAserver.org
Ever tried to get rid of a polymorphic Firewall killer
otherwise?...Before your ISP kills your connection due to the port
scanning/virus distribution coming from the machine in question? A boot
disk
might be more accessible than a copy of DELPART for most.
thekevin
----- Original Message -----
From: "John Tolmachoff (Lists)" <johnlist@xxxxxxxxxxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Thursday, June 30, 2005 2:18 AM
Subject: [isalist] Re: ISA Server crashes
http://www.ISAserver.org
Wow. With the little bit of information provided by the poster, you
clearly
diagnosed his server problem and provided a clear solution, FDISK.
Personally, I prefer DELPART.
Gees, I have not heard reformat used so easily in a while.
John T
eServices For You
-----Original Message-----
From: thekevin@xxxxxxxxxxxx [mailto:thekevin@xxxxxxxxxxxx]
Sent: Wednesday, June 29, 2005 6:12 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: ISA Server crashes
http://www.ISAserver.org
I had a similar problem recently.I would guess your base server
machine
is
infected with something along the lines of MultiBot Pro,which is a
successful Firewall/Antivirus killer. A reinstall of the O/S is
required,that being the case as almost all of these trojans are
polymorphic.If you don't Fdisk your Boot drive FIRST,your wasting your
time.
Remember to do your reinstall DISCONNECTED from the internet.W2000
family
is
highly vulnerable to the net nowadays without ALL the patchs.Don't
forget
Microsoft's new AntiSpyware Beta 1 which is currently KING and will
catch
and remove what has been eating all other Anti V and firewalls for
breakfast. It's also FREE!!!
Happy hunting,
thekevin
----- Original Message -----
From: "Umesh" <umeshblr@xxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Wednesday, June 29, 2005 1:25 AM
Subject: [isalist] ISA Server crashes
> http://www.ISAserver.org
>
> Hi,
> I have ISA 2000 server with sp2 and hotfix installed.It gets hanged
> frequently atleast for every 4 hrs.In the event log it shows ISA
cache
> initialization failed.What it means?Can anynone help me out to solve
this
> issues?Is there any patches available?
>
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
thekevin@xxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
All mail to and from this domain is GFI-scanned.
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
thekevin@xxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
