Hi John I do appreciate your comments on all matters concerned. I would however like to defend myself a little if you don't mind. A while ago I posted a question to the "Would AV plugin stop VPN infections?" thread asking people's comments on best antivirus programs, experiences, strategies etc. The reason I asked is because it is my experience that FSecure AntiVirus is always "behind the times", and virii such as Nimda, CIH, Melissa and now lately Blaster, Nachi & Welchia do not appear to be blocked by FSecure as soon as they are made public knowledge. This obviously hampers my removal strategy as I then have to go and download removal tools from other websites, or even better, write my own code in my Login Script to hunt down and kill the infections. With the information presented to you in my last thread I can understand your comment about me not belonging on this list, but for brevity's sake I did not wish to bore everybody with all my troubles & woes. Instead I try to get to the point quickly so that whomsoever wishes to listen and comment constructively may do so. As it remains, I am responsible for 1500 workstations and 40 Windows 2000 servers. Budgets are not always that lenient when it comes to spending on technology to improve existing strategies or embark on new ones, so to quote one of the great American Presidents: "I do what I can, where I am, with what I have" Thanks William R. -----Original Message----- From: John Tolmachoff (Lists) [mailto:johnlist@xxxxxxxxxxxxxxxxxxx] Sent: 22 September 2003 18:57 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: Test for Internet Link availability http://www.ISAserver.org Instead of trying to find a work around, fix the problem. If you link is saturated with outbound requests for the RPC patch, you need to fix your network. Get AV software and clean the computers now. BTW, if this is the case, you are fortunate your ISP has not locked you out. If your link is saturated with inbound pings, block them at the router or request your ISP to do so. If your link is saturated with outbound pings, you have no business on this list. You need to learn some basic networking principles, like virus protection. John Tolmachoff MCSE CSSA Engineer/Consultant eServices For You www.eservicesforyou.com -----Original Message----- From: William Robertson [mailto:robertson.william@xxxxxxxxxxxxxx] Sent: Monday, September 22, 2003 2:30 AM To: [ISAserver.org Discussion List] Subject: [isalist] Test for Internet Link availability http://www.ISAserver.org Hi there With the impact of the Welchia worm I find that I am experiencing a fair amount of hassle regarding the availability of my Internet Link. The primary reason being that all the outbound requests for the RPC patch from the WUpdate site and the ICMP echoes are just bringing down my link. What I find then happens is that my DNS goes for a ball of chalk - on both my DNS Servers. I then have to restart the DNS Services on my 2 DC's and then they work just fine again - for a while. What I was wondering if anyone knew how to perform some sort of "result check" for the NSLOOKUP command? I can schedule a job to continuously perform an NSLOOKUP every 30 minutes or so, but I need to catch the exception when the NSLOOKUP fails so that I know when to restart the DNS. Does anyone have any advice for me on this? (Apart from removing the infection. Which I am currently busy with :-) ) The thing is, even without the Welchia worm, my DNS also has a little wobble about once a week anyway, so writing such a "DNS Test" script could prove worth my while. Cheers William R. _____ William Robertson AST Mpumalanga Systems House / Consultant: Software Tel: 013-2472703 / 083 638 0354 Fax: 013-2462236 --------------------------------------------------------------------- Everything in this e-mail and attachments relating to the official business of Columbus Stainless is proprietary to the company. It is confidential, legally privileged and protected by law. Columbus Stainless does not own and endorse any other content. Views and opinions are those of the sender unless clearly stated as being that of Columbus Stainless. The person addressed in the e-mail is the sole authorised recipient. Please notify the sender immediately if it has unintentionally reached you and do not read, disclose or use the content in any way. Whilst all reasonable steps are taken to ensure the accuracy and integrity of information and data transmitted electronically and to preserve the confidentiality thereof, no liability or responsibility whatsoever is accepted if information or data is,for whatever reason, corrupted or does not reach its intended destination. --------------------------------------------------------------------- ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: johnlist@xxxxxxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: robertson.william@xxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') --------------------------------------------------------------------- Everything in this e-mail and attachments relating to the official business of Columbus Stainless is proprietary to the company. It is confidential, legally privileged and protected by law. Columbus Stainless does not own and endorse any other content. Views and opinions are those of the sender unless clearly stated as being that of Columbus Stainless. The person addressed in the e-mail is the sole authorised recipient. Please notify the sender immediately if it has unintentionally reached you and do not read, disclose or use the content in any way. Whilst all reasonable steps are taken to ensure the accuracy and integrity of information and data transmitted electronically and to preserve the confidentiality thereof, no liability or responsibility whatsoever is accepted if information or data is,for whatever reason, corrupted or does not reach its intended destination. ---------------------------------------------------------------------