|
-
November 11th, 2004, 07:49 PM
#1
W2k Client and Telnet
Hi there,
I have a W2K workstation that is unable to pickup POP3 mail.
And in troubleshooting this ...I am unable to telnet...although I have several other W2K machines that are configure with the same settings...and they are able to do this.
Yes they are behind ISA 5 with the firewall client installed, Symantec AV 8.1 Client, all SP and updates...and with this one machine I cannot telnet out...or pickup POP3 mail with either OE Express or Outlook.
It does not apprear to have any other communication problems.
All other similar machines can telnet???
I was wondering if anyone knows of some malware that would be affecting the machine?
I have,
Rerun all updates, and SPs
Removed TCP\IP and reinstalled
Repaired and update MS office
Run AV scan
Run SB search and destroy.
Disabled firewall client
reinstalled firewall client
Checked host file
Checked reg run key
Removed gotomypc...reinstalled.
all the while testing between steps??
Am using a workaround for now (using the server to pull mail)and have trouble accessing the machine as it is in use all the time by user (VP). User likes to open everything...no matter how many times I tell him not to.
User has very limited access to network resources other that his personal files and email.
This is a fairly new install...user receives allot of spam, viruses etc as he is the main contact for sales. User has several machines that he uses the POP3 mail function for and runs gotomypc for a remote access.
I am thinking he connected with an infected machine and it has mucked up this one...some how
I am coming back in on the weekend to try and do somemore...
gonna remove gotomypc, firewall client,
gonna rremove the AV
Do an online AV scan
Format and reinstall????
Any other ideas would be greatly appreciated,....I have better things to do this weekend 
Help
How people treat you is their karma- how you react is yours-Wayne Dyer
-
November 11th, 2004, 10:57 PM
#2
Morgan:
Can you telnet to anything inside... like an SMTP port of an internal mail server?
I'm wondering if you don't have a blanket block on that box at the ISA server though I know nothing about ISA servers so I might be whistling in the wind.
Add to that another guess.... You can set up a VPN connection to an ISA server I think... Get rid of GoToMyPC as a method of accessing a corporate network..... It's contrary to almost any security model you'll ever find.
Don\'t SYN us.... We\'ll SYN you..... 
\"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides
-
November 11th, 2004, 11:07 PM
#3
Tiger,
Thank you for your reply.
Yes I can telnet inside the network.
I can telnet out to the mail from all other W2k machines...with or without the gotomypc..(we have 4)
Yes we have VPNs happening also..but we have applications that cannot be run over a vpn...(am looking at remote desktop in XP next upgrade)
this is unique to the machine...
Just ran a online av scan and ..nada..came clean 
Am leaving now...will be back later though if you have any other ideas???
MLF
How people treat you is their karma- how you react is yours-Wayne Dyer
-
November 11th, 2004, 11:12 PM
#4
I'd look to the ISA server...... Sounds like it is being blocked.... Do you log access at the server?
Don\'t SYN us.... We\'ll SYN you.....
\"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides
-
November 12th, 2004, 03:42 AM
#5
yes there are logs, one with user, machine, app time etc
Just wondering if it could be a hardware issue...it is the only machine with a 3 com NIC???
I was going to try a spare kingston I have.
I cant see it being the ISA as other machines\users can get through....same group\policies\apps etc.....different NICs
But hey....I am no expert...definately on a vertical learning curve with security 
(never seems to end)
I looked at the isa today and didnt see anything...
Thanks for the suggestions...will post results.
How people treat you is their karma- how you react is yours-Wayne Dyer
-
November 12th, 2004, 03:38 PM
#6
Well I appear to have fixed it...
I forced a SP4 install on top....
reinstalled the firewall client and it worked.
Not sure what happen to the install but I found it funny when I removed TCP\IP and reinstalled then went to the Windows update...it didnt want to update...all updates already installed....
I remember from the NT 4.0 days...if you reinstalled\added any component you had to reapply the SP even if winver still stated you had the latest SP installed.
This is the flaw with Windows update...as it just reads the registry entries and does not actually compare the dlls...
Any way...all fixed.
Thanks Tiger for the tip to look at the ISA ....I looked in the logs and as of the same time the mail stopped flowing...the client was no longer in the firewall logs...which said to me maybe the firewall client wasnt working properly...
MLF
How people treat you is their karma- how you react is yours-Wayne Dyer
-
November 12th, 2004, 05:53 PM
#7
Morgan:
Glad to hear.... And always remember what an old friend of mine told me.....
Sometimes this stuff is just voodoo..... 
Don\'t SYN us.... We\'ll SYN you.....
\"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|
Reply With Quote