blaster worm help

blaster worm help

Post by Martin Blackstone [MVP - Exchange » Tue, 19 Aug 2003 23:38:37



Chances are that your ISP has blocked all port 135 access. You wont be able
to get around this without using VPN.

--
Martin Blackstone
MVP - Exchange

http://www.swinc.com/resource/exchange.htm

http://www.swinc.com/resource/e2kfaq_appxc.htm

Quote:> I run a exchange server 5.5. I applied the blaster worm
> patch to the server and now my outlook users cannot
> connect to the server. My internal outlook uses can. is
> port 135 lock out from the outside world somehow???

 
 
 

blaster worm help

Post by MVP » Tue, 19 Aug 2003 23:42:12


Yes, it sure sounds like it.  A ton of ISPs are now blocking port 135.  You
should implement a VPN solution; Windows natively supports VPN solutions
such as PPTP and L2TP (for L2TP you need W2K or higher).  Opening port 135
to the Internet  leaves your network very vulnerable.

Another quick solution is to throw up an Outlook Web Access server and open
port 80 to that server.

Missy

Quote:> I run a exchange server 5.5. I applied the blaster worm
> patch to the server and now my outlook users cannot
> connect to the server. My internal outlook uses can. is
> port 135 lock out from the outside world somehow???


 
 
 

blaster worm help

Post by andrew sword [mvp » Wed, 20 Aug 2003 10:06:37


I would talk to your ISP and see what they have done as
mentioned in the other replys.
Quote:>-----Original Message-----
> I run a exchange server 5.5. I applied the blaster worm
>patch to the server and now my outlook users cannot
>connect to the server. My internal outlook uses can. is
>port 135 lock out from the outside world somehow???
>.

 
 
 

blaster worm help

Post by emma » Thu, 21 Aug 2003 19:18:53


Hello Andrew

In order for an Outlook client to establish proper communication with an
Exchange Server, it needs to use TCP/IP port 135. This means that TCP/IP
port 135 has to be enabled on all routers (and firewalls) in a packet's path
for RPC communication to work. This condition cannot always be ensured
because several routers on the Internet disable TCP/IP port 135.

Mapi Client connections such as Exchange Clients and Outlook Clients connect
to the Exchange servers over Port135, if the port is now secured over the
internet it is not possible to connect using Mapi from this location
anymore.

There are many alternative ways which can be secured to connect to the
Exchange server, eg. using Pop3, Imap4 or Outlook Web Access which your
users from the internet can now use to connect to the Servers.

Emma.



Quote:> I would talk to your ISP and see what they have done as
> mentioned in the other replys.

> >-----Original Message-----
> > I run a exchange server 5.5. I applied the blaster worm
> >patch to the server and now my outlook users cannot
> >connect to the server. My internal outlook uses can. is
> >port 135 lock out from the outside world somehow???
> >.

 
 
 

blaster worm help

Post by NuT CrAcKe » Sat, 23 Aug 2003 14:18:59


I can understand running with port 135 open several years ago, but as of the
last few years, this has been strongly discouraged.

folks that do these types of things are begging for trouble.

NuTs


Quote:> I run a exchange server 5.5. I applied the blaster worm
> patch to the server and now my outlook users cannot
> connect to the server. My internal outlook uses can. is
> port 135 lock out from the outside world somehow???

 
 
 

1. Blaster Worm - Cant install patch

Hello
We are using Exchange 5.5 SP4 on NT4 with SP6A.

I cant install the path for Blaster Worm on Exchange.
The setup.log for in \Winnt\Repair\ is emtpy.
So the patch want install.
Microsoft has an article how to fix the setup.log problem.
But it can take a while and the worm is spreading on our
net fast.

I was wonder if I can start an listning process (perl
honeypot) on port 4444 to tie up this port so Blaster Worm
cant listning on the port.
Is it possibly or does Exchange use the port 4444 for
something?.
This would just be an temporary solution until the
setup.log is fixed.

//Anders Andersson

2. Change IP adress

3. SWEN Worm help

4. Forestprep & Domainprep

5. Help -- worm attack

6. Tunderbyte Anti Virus for Exchange

7. Blaster Patch on Exchange Box

8. Notification Stamp for all outgoing Email

9. Sound Blaster Live Value

10. Red-Worm Patch : Information Store Terminated Unexpectedly

11. sending emails to old address with the w32.sobig worm

12. how to avoid the mass-mailing worm

13. w32.Welchia.worm