RE: Port 1433 outbound from my Firewall...?

  • From: "Steve Moffat" <steve@xxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Tue, 5 Oct 2004 15:03:10 -0300

You have termites and woodpeckers in your pants where you come
from???....:) 

-----Original Message-----
From: Jim Harrison [mailto:jim@xxxxxxxxxxxx] 
Sent: Tuesday, October 05, 2004 2:55 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Port 1433 outbound from my Firewall...?

http://www.ISAserver.org

..logs, not pants...
=^P

  Jim Harrison
  MCP(NT4, W2K), A+, Network+, PCG
  http://isaserver.org/Jim_Harrison/
  http://isatools.org
  Read the help / books / articles!

----- Original Message -----
From: "Steve Moffat" <steve@xxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Tuesday, October 05, 2004 10:49
Subject: [isalist] RE: Port 1433 outbound from my Firewall...?



A couple of termites and a woodpecker...:))

-----Original Message-----
From: Jim Harrison [mailto:jim@xxxxxxxxxxxx]
Sent: Tuesday, October 05, 2004 10:47 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Port 1433 outbound from my Firewall...?


What did you find in your logs?

  Jim Harrison
  MCP(NT4, W2K), A+, Network+, PCG
  http://isaserver.org/Jim_Harrison/
  http://isatools.org
  Read the help / books / articles!


On Tue, 5 Oct 2004 15:12:51 +0200
 "William Robertson" <robertson.william@xxxxxxxxxxxxxx> wrote:

Unluckily I am still running on ISA2K...

-----Original Message-----
From: Jim Harrison [mailto:jim@xxxxxxxxxxxx]
Sent: 04 October 2004 04:26 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Port 1433 outbound from my Firewall...?


It's unlikely that the ISA MSDE could get infected unless it's been
reconfigured to listen on one or more interfaces.
By default, ISA MSDE is not bound to any interface; it's strictly
memory-mapped networking on the box.

  Jim Harrison
  MCP(NT4, W2K), A+, Network+, PCG
  http://isaserver.org/Jim_Harrison/
  http://isatools.org
  Read the help / books / articles!


On Mon, 4 Oct 2004 08:47:46 -0500
 "Quillman Shawn (RBNA/CSA1) *" <Shawn.Quillman@xxxxxxxxxxxx> wrote:


This ISA 2004 (MSDE doing the logging)?  If so I'm guessing your ISA is
infected.  But at least it ain't gettin' your internal network :)  If
you can, reboot your ISA and see if the problem goes away for a period
of time.  Then patch your box.  Slammer is only memory resident and
doesn't write files so an infection will go away with a reboot (until it
gets infected again).

-Shawn

-----
Shawn R. Quillman
Robert Bosch Corporation RBNA/CSA1
38000 Hills Tech Drive
Farmington Hills, MI 48331
(248) 553-1164 (P) (248) 848-6969 (F)
shawn.quillman@xxxxxxxxxxxx

-----Original Message-----
From: William Robertson [mailto:robertson.william@xxxxxxxxxxxxxx]
Sent: Monday, October 04, 2004 9:19 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] Port 1433 outbound from my Firewall...?


Hi there

I am seeing something strange, and would appreciate some comment on this
please...

I have noticed an ever-increasing amount of UDP:1433 traffic in my
Packet Filter Log, the bugger is that my ISA's external IP Address is
shown as the source address. My semi-conclusion at this stage is that I
may have a SQL Slammer infected server/workstation in my midst, but I
would appreciate any and all analysis of the following excerpt (BTW, the
destination IP Address range varies quite immensely)

10/4/2004, 15:12:08, <ISA Ext NIC>, 5.0.255.19, Udp, 1434, 137, -, BLOCKED, <ISA Ext NIC>, -, -
10/4/2004, 15:12:16, <ISA Ext NIC>, 0.0.255.19, Udp, 1433, 137, -, BLOCKED, <ISA Ext NIC>, -, -
10/4/2004, 15:12:16, <ISA Ext NIC>, 0.0.255.19, Udp, 1434, 137, -, BLOCKED, <ISA Ext NIC>, -, -
10/4/2004, 15:12:19, <ISA Ext NIC>, 0.0.255.19, Udp, 1433, 137, -, BLOCKED, <ISA Ext NIC>, -, -
10/4/2004, 15:12:19, <ISA Ext NIC>, 0.0.255.19, Udp, 1434, 137, -, BLOCKED, <ISA Ext NIC>, -, -
10/4/2004, 15:12:21, <ISA Ext NIC>, 0.0.255.19, Udp, 1433, 137, -, BLOCKED, <ISA Ext NIC>, -, -
10/4/2004, 15:12:21, <ISA Ext NIC>, 0.0.255.19, Udp, 1434, 137, -, BLOCKED, <ISA Ext NIC>, -, -

Thanks
William R.


------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com Leading
Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org Windows
Security Resource Site: http://www.windowsecurity.com/ Network Security
Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
shawn.quillman@xxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
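
Added example (not part of the original thread, and not ISA Server code): a triage of the packet filter excerpt from the original post. It assumes the column order date, time, source IP, destination IP, protocol, source port, destination port, TCP flags, action, interface, header, payload, which the thread does not state. The last sample entry is constructed to show the Slammer pattern, a UDP datagram sent to destination port 1434.

```python
import ipaddress
from collections import Counter

# Assumed column order of a packet filter log entry (not stated in the thread).
FIELDS = ["date", "time", "src_ip", "dst_ip", "proto", "src_port",
          "dst_port", "tcp_flags", "action", "interface", "header", "payload"]
THIS_NETWORK = ipaddress.ip_network("0.0.0.0/8")  # reserved, never a real remote host

# First seven entries: the excerpt from the original post.
# Last entry: constructed here to show what a Slammer-style probe looks like.
SAMPLE = """\
10/4/2004, 15:12:08, <ISA Ext NIC>, 5.0.255.19, Udp, 1434, 137, -, BLOCKED, <ISA Ext NIC>, -, -
10/4/2004, 15:12:16, <ISA Ext NIC>, 0.0.255.19, Udp, 1433, 137, -, BLOCKED, <ISA Ext NIC>, -, -
10/4/2004, 15:12:16, <ISA Ext NIC>, 0.0.255.19, Udp, 1434, 137, -, BLOCKED, <ISA Ext NIC>, -, -
10/4/2004, 15:12:19, <ISA Ext NIC>, 0.0.255.19, Udp, 1433, 137, -, BLOCKED, <ISA Ext NIC>, -, -
10/4/2004, 15:12:19, <ISA Ext NIC>, 0.0.255.19, Udp, 1434, 137, -, BLOCKED, <ISA Ext NIC>, -, -
10/4/2004, 15:12:21, <ISA Ext NIC>, 0.0.255.19, Udp, 1433, 137, -, BLOCKED, <ISA Ext NIC>, -, -
10/4/2004, 15:12:21, <ISA Ext NIC>, 0.0.255.19, Udp, 1434, 137, -, BLOCKED, <ISA Ext NIC>, -, -
10/4/2004, 15:12:30, <ISA Ext NIC>, 198.51.100.7, Udp, 3021, 1434, -, BLOCKED, <ISA Ext NIC>, -, -
"""

def parse_entry(line):
    """Split one comma-separated entry into named fields; ports become ints."""
    parts = [p.strip() for p in line.split(",")]
    if len(parts) != len(FIELDS):
        raise ValueError(f"expected {len(FIELDS)} fields, got {len(parts)}: {line!r}")
    entry = dict(zip(FIELDS, parts))
    for key in ("src_port", "dst_port"):
        # Non-port protocols log "-" here; keep those as None.
        entry[key] = int(entry[key]) if entry[key].isdigit() else None
    return entry

def is_slammer_like(entry):
    """Slammer spreads as UDP datagrams to *destination* port 1434."""
    return entry["proto"].lower() == "udp" and entry["dst_port"] == 1434

def triage(text):
    entries = [parse_entry(l) for l in text.splitlines() if l.strip()]
    return {
        "port_pairs": Counter((e["src_port"], e["dst_port"]) for e in entries),
        "slammer_like": [e for e in entries if is_slammer_like(e)],
        "reserved_dst": sum(ipaddress.ip_address(e["dst_ip"]) in THIS_NETWORK
                            for e in entries),
    }

if __name__ == "__main__":
    result = triage(SAMPLE)
    print("src/dst port pairs:", dict(result["port_pairs"]))
    print("Slammer-like entries:", [e["dst_ip"] for e in result["slammer_like"]])
    print("entries to 0.0.0.0/8:", result["reserved_dst"])
```

Under the assumed column order, 1433 and 1434 in the posted entries are source ports and 137 is the destination port, so only the constructed entry matches the Slammer check.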









