Hey, I'm fine with TCP 135 if you restrict by source IP... but this is not what they are doing... I agree with you in that VPN's are the solution for this type of set up.... "Where is the open port key?" "Right next to the Any key." ;-p ----- Original Message ----- From: "Thomas W Shinder" <tshinder@xxxxxxxxxxxxxxxxxx> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> Sent: Monday, November 03, 2003 12:22 PM Subject: [isalist] Re: Licensing http://www.ISAserver.org Hi Tim, Good article! And I agree that there is no sense in allowing inbound TCP 137, 138 and 139. But not allowing inbound TCP 135 is just DoS'ing yourself as you lose the total security and availabilty provided by the secure Exchange RPC filter publishing. Of course, if they're not using ISA, and just using a packet filter to allow the RPC connections via static packet filters, all I can say it OUCH. If they need this type of remote access, just use VPN. I got a BIG laugh regarding your analysis of the firewall admins. I deal with the "open port" button-heads every day :-) Thanks! Tom Thomas W Shinder www.isaserver.org/shinder ISA Server and Beyond: http://tinyurl.com/1jq1 Configuring ISA Server: http://tinyurl.com/1llp -----Original Message----- From: Thor [mailto:thor@xxxxxxxxxxxxxxx] Sent: Monday, November 03, 2003 2:04 PM To: [ISAserver.org Discussion List] Subject: [isalist] Re: Licensing http://www.ISAserver.org By the way- I agree with your weekend rant. This one's for you, baby. http://www.securityfocus.com/columnists/195 ----- Original Message ----- From: "John Tolmachoff (Lists)" <johnlist@xxxxxxxxxxxxxxxxxxx> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> Sent: Monday, November 03, 2003 10:57 AM Subject: [isalist] Re: Licensing http://www.ISAserver.org If the server is a member of a domain, it follows the licensing for the domain. What exactly are you trying to figure out? If you have one hundred local users, and you have the appropriate CALs for the domain, and you have the appropriate license for the server OS and ISA, then those one hundred users are fully licensed to use ISA. John Tolmachoff Engineer/Consultant/Owner eServices For You > -----Original Message----- > From: William Rascher [mailto:wrascher@xxxxxxxxxxxxxxxx] > Sent: Monday, November 03, 2003 10:45 AM > To: [ISAserver.org Discussion List] > Subject: [isalist] Re: Licensing > > http://www.ISAserver.org > > What about the server OS that ISA is running on? > > William > > -----Original Message----- > From: Jim Harrison [mailto:jim@xxxxxxxxxxxx] > Sent: Friday, October 31, 2003 16:29 > To: [ISAserver.org Discussion List] > Subject: [isalist] Re: Licensing > > > http://www.ISAserver.org > > There's no such thing as per-connection licensing for ISA. > > Jim Harrison > MCP(NT4, W2K), A+, Network+, PCG http://www.microsoft.com/isaserver > http://isaserver.org/Jim_Harrison > http://isatools.org > > Read the help, books and articles! > ----- Original Message ----- > From: "Rascher William" <wrascher@xxxxxxxxxxxxxxxx> > To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> > Sent: Friday, October 31, 2003 13:49 > Subject: [isalist] Licensing > > > http://www.ISAserver.org > > Does anyone know what happens with ISA (and any http connections) when the > concurrent licensed connections is exceeded? Are connections Q'ed? > > William > This email and any files transmitted with it are confidential and intended > solely for the use of the individual or entity to whom they are addressed. > If you have received this email in error please notify the system manager. > This message contains confidential information and is intended only for > the > individual named. If you are not the named addressee you should not > disseminate, distribute or copy this e-mail. > > > ------------------------------------------------------ > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > ------------------------------------------------------ > Other Internet Software Marketing Sites: > Leading Network Software Directory: http://www.serverfiles.com No.1 > Exchange > Server Resource Site: http://www.msexchange.org Windows Security Resource > Site: http://www.windowsecurity.com/ Network Security Library: > http://www.secinf.net/ Windows 2000/NT Fax Solutions: > http://www.ntfaxfaq.com > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org Discussion List as: > jim@xxxxxxxxxxxx To unsubscribe send a blank email to > $subst('Email.Unsub') > > > ^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^* > > All mail from this domain is virus-scanned with RAV. www.ravantivirus.com > > ^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^* > > > ------------------------------------------------------ > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > ------------------------------------------------------ > Other Internet Software Marketing Sites: > Leading Network Software Directory: http://www.serverfiles.com No.1 > Exchange > Server Resource Site: http://www.msexchange.org Windows Security Resource > Site: http://www.windowsecurity.com/ Network Security Library: > http://www.secinf.net/ Windows 2000/NT Fax Solutions: > http://www.ntfaxfaq.com > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org Discussion List as: > wrascher@xxxxxxxxxxxxxxxx To unsubscribe send a blank email to > $subst('Email.Unsub') > --- > [This E-mail scanned for viruses by Declude Virus] > > > --- > [This E-mail scanned for viruses by Declude Virus] > > > ------------------------------------------------------ > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > ------------------------------------------------------ > Other Internet Software Marketing Sites: > Leading Network Software Directory: http://www.serverfiles.com > No.1 Exchange Server Resource Site: http://www.msexchange.org > Windows Security Resource Site: http://www.windowsecurity.com/ > Network Security Library: http://www.secinf.net/ > Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org Discussion List as: > johnlist@xxxxxxxxxxxxxxxxxxx > To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: thor@xxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: thor@xxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')