About msba and Firewall

2005-10-19

About msba and Firewall

First, on the MS website, you can find out how to scan the machine behind firewall. There are several ports to enable and allow a process to access the network. For details, see the QA of mbsa, I will not say much; my situation is like this: all machines have firewall, including the servers deployed in mbsa; by default, all unknown outbound and inbound traffic is not allowed, so I want to know that mbsa is a data file downloaded from there: first, we find that the three data files to be downloaded are from Security Update catalog (wsusscan. cab), available from Http://go.microsoft.com/fwlink? Linkid = 39043 authorization catalog for Windows Update site access (muauth. Cab), available from Http://go.microsoft.com/fwlink? Linkid = 43266 Windows Update agent (if not already installed ): For x86-based computers (windowsupdateagent20-x86.exe), available from Http://go.microsoft.com/fwlink? Linkid = 43264, that is, the content to be downloaded is from go.microsoft.com. Then we use ping to analyze the IP Address: 207.46.196.55. Maybe what you see is different from what I see, because ms can use multiple servers to correspond to one domain name, we also need to add a record in the local hosts file to map go.microsoft.com to 207.46.196.55, because my firewall system is based on IP, it is not based on Domain Name; Start mbsa and use netstat when downloading it. Soon we can find that it is establishing a connection to 207.46.196.55: 80, OK to open the connection to this IP + port on the firewall; test again, find it still does not work, then use netstat, find it is still connected to a 202.47.29.29: 80; OK then open this port, done! Later, when we checked patch and security again, we found that it could not be downloaded normally. We found that the IP address connected to it had changed, and we also increased access to port 443 of an IP address, that is, SSL-based Web access; no way, you have to first open access to the ports 80 and 443 of all IP addresses.