Dontcha just love picking up after the children?

Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG
http://isaserver.org/authors/harrison/
Read the book!

----- Original Message -----
From: "Blake Al" <al.blake@xxxxxxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Cc: "ICT correspondence" <ICTcorrespondence@xxxxxxxxxxxxxxx>
Sent: Thursday, December 13, 2001 13:51
Subject: [isalist] Re: Stop logging Netbios?

http://www.ISAserver.org

Thanks for the tip.

The ISA server AND the router AND the LAN were all plugged into the same switch WITHOUT a VLAN, i.e. everything was connected to everything else.

Long before I took up the job the organisation paid huge $$$ to an ISP/consultancy to install and configure the LAN and set up the security. This is just the latest in a string of security problems I found:

1. No access lists on boundary router.
2. Superuser password same on everything (and easy to guess)
3. ISA configured with 'allow everything all the time for everyone'
4. No anti-virus on mail
5. Internal mail server connected to Internet OUTSIDE of ISA server
6. No logging on anything
7. Tape backup of 5% of the servers only
8. No backup configurations on anything
9. No documentation on anything
10. Router & LAN & ISA all on same switch with no VLAN

....I'm sure I will find more.........

Incidentally the ISP has now gone bust rather spectacularly. Looking at the quality of this installation I am not the least surprised.

Finally, rather than play around with switches and VLANs I just found an old 100TX hub and plugged the router and External NIC of the ISA server into that. Works perfectly and doesn't need configuration. Sometimes the simplest solutions are the safest ;)

Thanks again.
Al.

-----Original Message-----
From: Jim Harrison [mailto:jim@xxxxxxxxxxxx]
Sent: Wednesday, 12 December 2001 2:16 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: Stop logging Netbios?

Since the ISA external interface is seeing these broadcasts, it appears that it's sharing a hub with the LAN.

Jim Harrison
MCP(NT4, 2K), A+, Network+, PCG
http://isaserver.org/authors/harrison/

----- Original Message -----
From: "Blake Al" <al.blake@xxxxxxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Tuesday, December 11, 2001 15:36
Subject: [isalist] Stop logging Netbios?

How can I stop my IPP log filling up with Netbios broadcasts (stops me seeing the interesting stuff when I am troubleshooting).

E.g. I see all these LAN broadcasts:

2001-12-11 23:32:00 172.16.3.35 172.31.255.255 Udp 138 138 - BLOCKED 203.110.145.178
2001-12-11 23:32:00 172.16.2.218 172.31.255.255 Udp 138 138 - BLOCKED 203.110.145.178
2001-12-11 23:32:00 172.16.2.254 172.31.255.255 Udp 138 138 - BLOCKED 203.110.145.178

I have a rule that blocks all Netbios....and it is NOT logged.
...but it specifies the 'default external ISA IP' and 'any host'.

How can I tell it not to log ANY netbios, from anywhere to anywhere?

Or is there another way to stop LAN broadcasts ever getting to the external interface - so they don't have to get blocked there and appear in the log?

Al Blake
Australia
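
The diagnosis reached in this thread (private LAN sources being blocked on the external interface means that interface shares a segment with the LAN) can be checked mechanically from the packet filter log. The script below is an added example, not code from any of the posters; the field order is an assumption inferred from the three log lines quoted in the thread, the last field is assumed to be the address of the interface that logged the packet, and the fourth sample line is constructed.

```python
import ipaddress
from collections import Counter

# Assumed field order, inferred from the sample lines quoted in the thread.
FIELDS = ("date", "time", "src", "dst", "proto", "sport", "dport",
          "flags", "action", "iface")

# Three lines from the thread plus one constructed Internet-sourced line
# (198.51.100.7 is a documentation address) for contrast.
SAMPLE_LOG = """\
2001-12-11 23:32:00 172.16.3.35 172.31.255.255 Udp 138 138 - BLOCKED 203.110.145.178
2001-12-11 23:32:00 172.16.2.218 172.31.255.255 Udp 138 138 - BLOCKED 203.110.145.178
2001-12-11 23:32:00 172.16.2.254 172.31.255.255 Udp 138 138 - BLOCKED 203.110.145.178
2001-12-11 23:32:01 198.51.100.7 203.110.145.178 Tcp 4021 80 - BLOCKED 203.110.145.178
"""

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_rfc1918(addr):
    return any(addr in net for net in RFC1918)


def parse_line(line):
    """Return a dict for a well-formed log line, or None for anything else."""
    parts = line.split()
    if len(parts) != len(FIELDS):
        return None  # header, comment or truncated line
    rec = dict(zip(FIELDS, parts))
    try:
        for key in ("src", "dst", "iface"):
            rec[key] = ipaddress.ip_address(rec[key])
    except ValueError:
        return None
    return rec


def leaked_lan_sources(log_text):
    """Count private-source packets logged on a public-address interface."""
    hits = Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        if is_rfc1918(rec["src"]) and not is_rfc1918(rec["iface"]):
            hits[(str(rec["src"]), rec["proto"].upper(), rec["dport"])] += 1
    return hits


if __name__ == "__main__":
    for (src, proto, dport), n in sorted(leaked_lan_sources(SAMPLE_LOG).items()):
        print(f"{src} {proto}/{dport} seen {n}x on external interface")
```

Any hit means LAN frames are reaching the external NIC at layer 2, so the remedy is the physical or VLAN separation described in the thread; suppressing the log entries only hides the symptom.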