RE: SQSlammerL DoS Worm

• From: "Kevin S. Malinowski" <Kevin@xxxxxxxxxx>
• To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
• Date: Mon, 27 Jan 2003 23:37:27 -0700

On your ISA server, navigater to the install directory of the ISA server. The 
default is c:\program files\Microsoft ISA Server and open the logfiles 
directory. In the log directory there will be log files starting with IPP... 
these are the packet filter logs. Look for any attempt from an external address 
on UDP port 1434.

(I will give two to one odds on a ten dollar bill, that if you are on a 
broadband or similar connection you will find some of these entries.)

HTH
Kevin

-----Original Message-----
From: Raji Arulambalam [mailto:rajia@xxxxxxxxxxxxxx]
Sent: Monday, January 27, 2003 9:02 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] SQSlammerL DoS Worm


http://www.ISAserver.org


Hi Guys

How would I check if the above worm tried to attack the ISA server.

We do not publish or have SQL on the ISA server itself so am not worried,
but I would like to know.!!

Thanks

---------------------------------------------
  Raji Arulambalam       
  Systems Administrator          
  Environment Bay of Plenty 
  P O Box 364 Whakatane.
  NEW ZEALAND  
--------------------------------------------


******************************************************
This e-mail has been checked for viruses and no viruses were detected.

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Exchange Server Resource Site: http://www.msexchange.org/
Windows Security Resource Site: http://www.windowsecurity.com/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as: 
kevin@xxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')

Other related posts:

• » SQSlammerL DoS Worm
• » Re: SQSlammerL DoS Worm
• » RE: SQSlammerL DoS Worm

1. Home
2. isalist
3. Archive
4. 01-2003

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---