RE: ISA Server Crash - More Information

From: Jim Harrison (ISA) (jmharr_at_microsoft.com)
Date: 04/01/04

    Date: Thu, 1 Apr 2004 10:51:29 -0800
    To: <wjhays@sbcglobal.net>, <focus-ms@securityfocus.com>
    
    

    It's a basic function of Witty to destroy the root partition on the
    first drive; that's why your second partition survived.
    What version / release of BlackIce was running?
    What is the ISA operating mode (cache, firewall, integrated)?

    You can't "double-firewall" with ISA...

    * Jim Harrison
    MCP(NT4/2K), A+, Network+
    Security Business Unit (ISA SE)

    -----Original Message-----
    From: Bill Hays [mailto:wjhays@sbcglobal.net]
    Sent: Wednesday, March 31, 2004 4:53 PM
    To: focus-ms@securityfocus.com
    Cc: wjhays@sbcglobal.net
    Subject: ISA Server Crash - More Information

    I appreciate all the responses that I have received, but I still have
    one big question. Everything that I have read doesn't say anything
    about the Witty worm basically erasing a hard drive. Everything that I
    have read states that it over-writes the data until the infected machine
    crashes if it is not rebooted before it over-writes the boot sector;
    which then can cause other serious problems. Am I missing something?

    As requested by most everyone, here is more information on my system. I
    want to tell everyone that this hard drive had two partitions and only
    the second partition survived. The active partition was the one
    erased/crashed. I am pretty certain that the C:\ partition was
    completely empty. Can anyone advise? Also, the system was running ISA
    and Black Ice because that was the way it was configured by someone before
    me. I inquired about this when I first started working here and was
    told this was double security; I think more like double trouble
    personally. As for whether or not Black Ice was updated I know as I
    wasn't here when it was built and I haven't done any updates since I
    arrived back in the last month.

    Also can anyone please tell me if Win2K Server can in fact be formatted
    while the system is up and running? I've been pretty lucky I guess in
    all the years I've been doing this (8 yrs) that I've never had anything
    like this happen.
     
    Thanks again for everyone's help;

    Bill Hays
    IT Support Specialist
    MCP (NT4&W2K)

    
