• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

how bagle works on a LAN?

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2000 Firewall] >> Firewall Client >> how bagle works on a LAN? Page: [1]
Login
Message << Older Topic   Newer Topic >>
how bagle works on a LAN? - 18.Jul.2004 2:12:00 AM   
zinno

 

Posts: 15
Joined: 14.Jul.2004
Status: offline
Sorry for the noob question, but there is some stuff i don't really understand about the worms of today "[Smile]"

scenario: 1 server 2003 with isa and internet connection & 1 infected client

If u have setup ISA-server, and one of your clients is infected with bagle and send out mail with his own bagel buildin SMTP server, will it use port 8866 (listed as port to block) to send these mails ?

If your ISA-server is set "allow all" policy for outbound traffic, will these mails still be send through port 8866 on the isa-server aswell?

So if i place a sniffer on port 8866 of the server i should be able to detect infected clients? "[Big
Post #: 1
RE: how bagle works on a LAN? - 29.Jul.2004 12:02:00 PM   
sosor

 

Posts: 27
Joined: 16.Jun.2003
From: Denmark
Status: offline
Well, If you permit tcp/udp from any to any it'll most certainly pass though your ISA server.

But! - In ISA 2000 the "All IP Traffic" only counts as what have been created in protocol definers.

A better way of creating rules might be to limit access to what you actually need.

Examples:
Your internal smtp needs access to your mailsweeper (if you have one) in the DMZ - Your clients most certainly dont.

Your internal DNS Servers needs to do outbound lookups using their forwarders - your clients don't. If you don't have internal dns server - they do =)

Clients might need access to ports 80/443 - and prefebly a virusscan filter such as Webshield or likewise.

Sniffing the LAN for outbound packets on specific ports could be handled by an IDS/IPS system - but using tcpdump/ethereal etc might give you waaay to much output if you end up with a few infected clients.

All depends on your security policy I guess.

Cheers,
S°ren Elleby S°rensen

(in reply to zinno)
Post #: 2

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2000 Firewall] >> Firewall Client >> how bagle works on a LAN? Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts