[windows2000] Re: Conundrum: ICF and MSBlast

• From: Angus Macdonald <Angus.Macdonald@xxxxxxxxxxxxxxxxxxx>
• To: windows2000@xxxxxxxxxxxxx
• Date: Wed, 13 Aug 2003 11:42:12 +0100

Did you remove the msblast infection before plugging the security hole? Once
you are infected the security vulnerability doesn't matter. Fixing the RPC
vulnerability only stops you being infected in the first place.

-----Original Message-----
From: Joe Mulhall [mailto:Joe.Mulhall@xxxxxxxxxxxxx]
Sent: 13 August 2003 11:35
To: windows2000@xxxxxxxxxxxxx
Subject: [windows2000] Conundrum: ICF and MSBlast


Hi there,

I was infected by MSBlast the other day and hit again while repairing
it yet I was running Internet Connection Firewall (default config
including logging and no services enabled)

As Microsoft points out in MS03-026, "If you are using the Internet
Connection Firewall in Windows XP or Windows Server 2003 to protect your
Internet connection, it will by default block inbound RPC traffic from
the Internet."

Okay I should have patched anyway but the firewall should have
protected me. I checked the settings while I was patching and was hit
again...

Logs show nothing at all.

How was I infected?

Regards,

Joe Mulhall
MCSE, MCP+I, CCSA

Network Engineer

********************************************************
This Week's Sponsor - RTO Software / TScale
What's keeping you from getting more from your terminal servers? Did you
know, in most cases, CPU Utilization IS NOT the single biggest constraint to
scaling up?! Get this free white paper to understand the real constraints &
how to overcome them. SAVE MONEY by scaling-up rather than buying more
servers.
http://www.rtosoft.com/Enter.asp?ID=148
**********************************************************
To Unsubscribe, set digest or vacation
mode or view archives use the below link.

http://thethin.net/win2000list.cfm
********************************************************
This Week's Sponsor - RTO Software / TScale
What's keeping you from getting more from your terminal servers? Did you know, 
in most cases, CPU Utilization IS NOT the single biggest constraint to scaling 
up?! Get this free white paper to understand the real constraints & how to 
overcome them. SAVE MONEY by scaling-up rather than buying more servers.
http://www.rtosoft.com/Enter.asp?ID=148
**********************************************************
To Unsubscribe, set digest or vacation
mode or view archives use the below link.

http://thethin.net/win2000list.cfm

Other related posts:

• » [windows2000] Conundrum: ICF and MSBlast
• » [windows2000] Re: Conundrum: ICF and MSBlast
• » [windows2000] Re: Conundrum: ICF and MSBlast
• » [windows2000] Re: Conundrum: ICF and MSBlast
• » [windows2000] Re: Conundrum: ICF and MSBlast
• » [windows2000] Re: Conundrum: ICF and MSBlast
• » [windows2000] Re: Conundrum: ICF and MSBlast
• » [windows2000] Re: Conundrum: ICF and MSBlast
• » [windows2000] Re: Conundrum: ICF and MSBlast
• » [windows2000] Re: Conundrum: ICF and MSBlast
• » [windows2000] Re: Conundrum: ICF and MSBlast
• » [windows2000] Re: Conundrum: ICF and MSBlast
• » [windows2000] Re: Conundrum: ICF and MSBlast

1. Home
2. windows2000
3. Archive
4. 08-2003

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---