I looked at MS operating system needing the patch and
although they are specific to operating system (advanced
server, etc.) they do not mention W2K SBS. Should admins
apply the W2K server patch on W2K Small Business Servers?

Thanks

Re: Apply Blaster worm patch? by Jm

Jm
Tue Aug 12 18:43:42 CDT 2003

If GRC (https://grc.com/x/portprobe=69) shows that ports 4444, 69 & 135 are
"stealthed", is there still a real threat without the patch?

--
Jm
www.jmconsultingllc.com
www.jmconsultingllc.com/catalog.htm (Website Templates)
www.jmconsultingllc.com/aspforum (Brand New Free Forum)
Go Ahead, Check it out, after all, it's free!
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


"Dave Nickason" <gwdibble@frontiernet.net> wrote in message
news:O5HGuUSYDHA.2344@TK2MSFTNGP09.phx.gbl...
> Yes
>
>
> "Mark" <msenia@bigpond.net.au> wrote in message
> news:108301c36123$74de2110$a001280a@phx.gbl...
> > I looked at MS operating system needing the patch and
> > although they are specific to operating system(advanced
> > server,etc)they do not mention W2K SBS. Should admins
> > apply the W2K server patch on W2K Small Business Servers?
> >
> > Thanks
>
>



Re: Apply Blaster worm patch? by Susan

Susan
Tue Aug 12 19:10:24 CDT 2003

Yes... all it takes is a modem on a desktop, an infected laptop VPNing in....

Just patch... that way you don't have to play Russian roulette; you know you will
be protected.

--
"Don't lose sight of security. Security is a state of being,
not a state of budget. He with the most firewalls still does
not win. Put down that honeypot and keep up to date on your
patches. Demand better security from vendors and hold them
responsible. Use what you have, and make sure you know how
to use it properly and effectively."
~Rain Forest Puppy
http://www.wiretrip.net/rfp/txt/evolution.txt



Re: Apply Blaster worm patch? by Jm

Jm
Tue Aug 12 19:17:26 CDT 2003

Thanks, I'm in the process of patching the server, but the XP Pro client
will not take the patch.
Wouldn't this be nice, if there were never any problems with computers...

Hmm, I'm getting an error stating that the filename
(WindowsXP-KB823980-x86-ENU.exe) is not a valid Win32 application. Any
thoughts?




Re: Apply Blaster worm patch? by Jm

Jm
Tue Aug 12 20:05:42 CDT 2003

Nope, took the 32-bit file. But maybe the reason it won't work is because I
did a Windows Update the other day. Windows Update, when it's worked in the
last 2 days, shows I have no updates.

For some reason, I was thinking patches were different from win updates.

Since I have you here reading my messages Susan, which is better to leave
the server as: Logged in as Admin w/ screensaver password or logged out from
Admin when I am not using it?

Thanks for your ideas.

"Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]" <sbradcpa@pacbell.net>
wrote in message news:3F398852.6735D1F9@pacbell.net...
> Why not just run Windows update on the XP... you may have grabbed the 64 bit
> file?



Re: Apply Blaster worm patch? by Jm

Jm
Tue Aug 12 20:37:41 CDT 2003

Same here. Just wondering, you know, wanting to follow best practices.

I got the answer about the update. I checked my registry and found that the
patch was applied on 7/16/2003
(HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows XP\SP2\KB823980)

Thanks for your timely responses and help again.

"Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]" <sbradcpa@pacbell.net>
wrote in message news:3F399497.FFD3A508@pacbell.net...
> Mine's logged in as admin with a screen/password...don't know if that's the best
> but it's the easiest for me.



Re: Apply Blaster worm patch? by Jeff

Jeff
Tue Aug 12 23:33:47 CDT 2003

The test you did at GRC proves absolutely nothing about your security other
than that your ports aren't open by default.

The default installation of ISA Server is going to allow a worm to exit
through the ports mentioned, even if it can't enter that way. Therefore,
what you learned at GRC as the good news is that 135 was closed. What you
learned nothing about is that the other ports that would be opened outbound
if you got infected will be opened dynamically....and this isn't wrong, but
it isn't right....I'm just telling you not to get complacent about GRC
readings on those ports. The 135 is the way it can enter, the others are
exits, and even if they show closed at one point from an outside scan, this
doesn't prevent dynamic packet filters from opening the session outbound on
demand.
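
The point made in the post above, as an added example that is not part of the original thread: an outside probe only measures inbound reachability, so allowed egress on the ports named in the thread has to be read from the firewall's own logs. The log format, the 192.168.16.0/24 LAN range and the fan-out threshold are assumptions, and the sample lines are constructed.

```python
import ipaddress
import re
from collections import defaultdict

# Ports named in the thread: TCP 135, TCP 4444 and UDP 69.
WATCHED = {("TCP", 135), ("TCP", 4444), ("UDP", 69)}
INTERNAL = ipaddress.ip_network("192.168.16.0/24")  # assumed LAN range
FANOUT_THRESHOLD = 3  # assumed: distinct destinations that count as a sweep

# Hypothetical firewall log format: time, action, direction, protocol, src -> dst.
LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<action>ALLOW|DROP)\s+(?P<dir>IN|OUT)\s+"
    r"(?P<proto>TCP|UDP)\s+(?P<src>[\d.]+):(?P<sport>\d+)\s+->\s+"
    r"(?P<dst>[\d.]+):(?P<dport>\d+)$"
)

# Constructed sample log (documentation address ranges, not real hosts).
SAMPLE_LOG = """\
2003-08-12T18:40:01 DROP IN TCP 198.51.100.9:3120 -> 203.0.113.2:135
2003-08-12T18:40:02 DROP IN TCP 198.51.100.9:3121 -> 203.0.113.2:4444
2003-08-12T18:40:03 DROP IN UDP 198.51.100.9:3122 -> 203.0.113.2:69
2003-08-12T19:02:11 ALLOW OUT TCP 192.168.16.23:1045 -> 198.51.100.40:135
2003-08-12T19:02:11 ALLOW OUT TCP 192.168.16.23:1046 -> 198.51.100.41:135
2003-08-12T19:02:12 ALLOW OUT TCP 192.168.16.23:1047 -> 198.51.100.42:135
2003-08-12T19:02:12 ALLOW OUT TCP 192.168.16.23:1048 -> 198.51.100.43:135
2003-08-12T19:02:13 ALLOW OUT TCP 192.168.16.23:1049 -> 198.51.100.40:135
2003-08-12T19:02:14 ALLOW OUT TCP 192.168.16.23:1050 -> 198.51.100.40:4444
2003-08-12T19:05:30 ALLOW OUT TCP 192.168.16.31:2001 -> 198.51.100.50:135
2003-08-12T19:06:00 ALLOW OUT TCP 192.168.16.10:2200 -> 198.51.100.80:80
2003-08-12T19:06:05 DROP OUT UDP 192.168.16.10:2201 -> 198.51.100.81:69
this line is malformed and is skipped
"""


def parse(line):
    """Return the fields of one log line, or None if it does not parse."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    try:
        rec["src"] = ipaddress.ip_address(rec["src"])
        rec["dst"] = ipaddress.ip_address(rec["dst"])
    except ValueError:
        return None
    rec["dport"] = int(rec["dport"])
    return rec


def inbound_allowed(lines):
    """Watched ports an outside host was allowed to reach.

    This is the only thing an external port probe can measure.
    """
    hits = set()
    for rec in filter(None, map(parse, lines)):
        key = (rec["proto"], rec["dport"])
        if rec["dir"] == "IN" and rec["action"] == "ALLOW" and key in WATCHED:
            hits.add(key)
    return sorted(hits)


def egress_findings(lines):
    """Internal hosts that were allowed out to external hosts on watched ports.

    Returns {host: [(proto, port, distinct_destinations, label), ...]} where
    label is "sweep" at or above FANOUT_THRESHOLD and "egress" below it.
    """
    dests = defaultdict(set)
    for rec in filter(None, map(parse, lines)):
        key = (rec["proto"], rec["dport"])
        if (rec["dir"] == "OUT" and rec["action"] == "ALLOW" and key in WATCHED
                and rec["src"] in INTERNAL and rec["dst"] not in INTERNAL):
            dests[(str(rec["src"]), key)].add(rec["dst"])
    findings = defaultdict(list)
    for (host, (proto, port)), seen in sorted(dests.items()):
        label = "sweep" if len(seen) >= FANOUT_THRESHOLD else "egress"
        findings[host].append((proto, port, len(seen), label))
    return dict(findings)


if __name__ == "__main__":
    log = SAMPLE_LOG.splitlines()
    print("watched ports reachable from outside:", inbound_allowed(log))
    for host, items in egress_findings(log).items():
        for proto, port, count, label in items:
            print(f"{host}: {label} on {proto}/{port} to {count} destination(s)")
```

In the sample every inbound probe is dropped, which is what a "stealthed" result reflects, yet two internal hosts still show allowed outbound sessions on the watched ports.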



Re: Apply Blaster worm patch? by Filippo

Filippo
Wed Aug 13 03:43:53 CDT 2003

OK, but if I have no modems on the network, all the incoming ports closed by
hardware firewall, the worm will not have any way to get in, so it will not
get out from any ports (all outgoing ports opened).

Thanks for sharing your experience and expertise

Filippo



Re: Apply Blaster worm patch? by Buddy

Buddy
Wed Aug 13 03:56:01 CDT 2003

Don't forget to shut down all incoming email with attachments. Or just
patch.



Re: Apply Blaster worm patch? by Javier

Javier
Wed Aug 13 06:45:49 CDT 2003

Filippo... you like to live on the edge :-)

There's always some way to infect your network (think a floppy, a USB drive,
e-mail... you name it)... so you need to patch it.



Re: Apply Blaster worm patch? by Filippo

Filippo
Wed Aug 13 07:06:44 CDT 2003

Yes, you are right.

I am not against patching, but the problem is that I can't reboot all the
time, so I try to make the network safe enough to stand attacks until I can
actually patch.



Re: Apply Blaster worm patch? by Susan

Susan
Wed Aug 13 13:52:53 CDT 2003

<Susan mean mode on>
So why didn't you patch 4 weeks ago...or two weeks ago when Jeff pleaded with
you?
