RE: Is TCP 135 clamped down?
- From: "Mark Hippenstiel" <M.Hippenstiel@xxxxxxxxxxxx>
- To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
- Date: Tue, 19 Aug 2003 23:18:22 +0200
Hi Simon,
sorry I don't quite understand your question, but it's late already. If
you plug an infected sytsem into the network and nothing is patched
you'll end up having blaster on all your machines (including SBS/ISA).
Having the MS network client bound to the external interface exposes tcp
135 to the internet. Anyone correct me if that's wrong, that's what I
recall. This could be another way for the virus to get in.
The virus gets into a system via port 135. As long as a system's not
patched, it is vulnerable to the exploit. It doesn't matter if it's a
server or workstation. Once infected, the machine will try to establish
the virus on all machines on the same subnet.
I can't think of any other ways the virus could have got into the
network. Well that's not exactly true, my mail scanner isolated an email
with msblast.exe attached, but this was on purpose :) The virus itself
does not contain a mass email element.
Hope I could help.
Mark
-----Original Message-----
From: Simon Weaver [mailto:Simon.Weaver@xxxxxxxx]
Posted At: Tuesday, August 19, 2003 11:55 PM
Posted To: www.isaserver.org
Conversation: [isalist] RE: Is TCP 135 clamped down?
Subject: [isalist] RE: Is TCP 135 clamped down?
http://www.ISAserver.org
Mark
If someone accessed the PC behuind ISA, but still was NOT
patched, would it still cause an issue? Likewise, if the Server was not
patched, could the risk still occur?
Simon Weaver
Technical Consultant
MCSE+Internet / MCSE Windows 2000
Integrated Solutions Corp. Ltd
http://www.iscl.net <http://www.iscl.net/>
-----Original Message-----
From: Mark Hippenstiel
[mailto:M.Hippenstiel@xxxxxxxxxxxx]
Sent: 19 August 2003 20:22
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Is TCP 135 clamped down?
http://www.ISAserver.org
if you the client for microsoft networks has been bound
to the external interface, this might be a reason. Another possibility
is that someone plugged an infected system (eg notebook) into your
network.
-----Original Message-----
From: Simon Weaver
[mailto:Simon.Weaver@xxxxxxxx]
Posted At: Tuesday, August 19, 2003 11:18 PM
Posted To: www.isaserver.org
Conversation: [isalist] Is TCP 135 clamped down?
Subject: [isalist] RE: Is TCP 135 clamped down?
http://www.ISAserver.org
Dave
I ran the scan and it came back with STEALTH -
as if there was no real way to say TCP135 was Open :o)
So how did it get in?
Simon Weaver
Technical Consultant
MCSE+Internet / MCSE Windows 2000
Integrated Solutions Corp. Ltd
http://www.iscl.net <http://www.iscl.net/>
-----Original Message-----
From: David V. Dellanno
[mailto:ddellanno@xxxxxxxxxx]
Sent: 19 August 2003 19:51
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Is TCP 135
clamped down?
http://www.ISAserver.org
https://grc.com/x/ne.dll?bh0bkyd2
<http://grc.com>
ShieldsUP section at the bottom page,
Common Ports, All Service Ports
-----Original Message-----
From: Simon Weaver
[mailto:Simon.Weaver@xxxxxxxx]
Sent: Tuesday, August 19, 2003 4:48 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] Is TCP 135 clamped
down?
http://www.ISAserver.org
Guys
Just a very quick question! I met a new
client that was infected by teh 2 latest worms going around the streets!
They are running SBS2k with ISA setup,
however the worm still got into the System.
Is there a way to prove TCP135 was being
protected? I have now patched the Server, and ALL workstations, as they
were all infected!
Finally, if the client PC's have the ISA
Firewall Client turned OFF, are they still able to access teh Internet,
WITHOUT Firewall Protection?
Thanks for your help
Simon Weaver
Technical Consultant
MCSE+Internet / MCSE Windows 2000
Integrated Solutions Corp. Ltd
http://www.iscl.net
<http://www.iscl.net/>
------------------------------------------------------
List Archives:
http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter:
http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ:
http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory:
http://www.serverfiles.com
No.1 Exchange Server Resource Site:
http://www.msexchange.org
Windows Security Resource Site:
http://www.windowsecurity.com/
Network Security Library:
http://www.secinf.net/
Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this
ISAserver.org Discussion List as: ddellanno@xxxxxxxxxx
To unsubscribe send a blank email to
$subst('Email.Unsub')
Confidentiality Notice:
This e-mail message, including any
attachments, is for the sole use of the intended recipient(s) and may
contain confidential and privileged information. Any unauthorized
review, use, disclosure or distribution is prohibited. If you are not
the intended recipient, please contact the sender by reply e-mail and
destroy all copies of the original message.
Confidentiality Notice:
This e-mail message, including any
attachments, is for the sole use of the intended recipient(s) and may
contain confidential and privileged information. Any unauthorized
review, use, disclosure or distribution is prohibited. If you are not
the intended recipient, please contact the sender by reply e-mail and
destroy all copies of the original message.
------------------------------------------------------
List Archives:
http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter:
http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ:
http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory:
http://www.serverfiles.com
No.1 Exchange Server Resource Site:
http://www.msexchange.org
Windows Security Resource Site:
http://www.windowsecurity.com/
Network Security Library:
http://www.secinf.net/
Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this
ISAserver.org Discussion List as: Simon.Weaver@xxxxxxxx
To unsubscribe send a blank email to
$subst('Email.Unsub')
------------------------------------------------------
List Archives:
http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter:
http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ:
http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory:
http://www.serverfiles.com
No.1 Exchange Server Resource Site:
http://www.msexchange.org
Windows Security Resource Site:
http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this
ISAserver.org Discussion List as: isaserver@xxxxxxxxxxxx
To unsubscribe send a blank email to
$subst('Email.Unsub')
------------------------------------------------------
List Archives:
http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter:
http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ:
http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory:
http://www.serverfiles.com
No.1 Exchange Server Resource Site:
http://www.msexchange.org
Windows Security Resource Site:
http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org
Discussion List as: Simon.Weaver@xxxxxxxx
To unsubscribe send a blank email to
$subst('Email.Unsub')
------------------------------------------------------
List Archives:
http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter:
http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ:
http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion
List as: isaserver@xxxxxxxxxxxx
To unsubscribe send a blank email to
$subst('Email.Unsub')
Other related posts:
