http://msmvps.com/blogs/harrywaldron/archive/2004/05/09/6125.aspxThese high numbered ports should already be blocked in the firewall rules, but companies still applying the MS04-011 patch should verify this. MS04-011 Sasser.E (new ports 1022 and 1023) http://secunia.com/virus_information/9263/sasser.e/ http://vil.naienCommunityServer 2008.5 SP2 (Build: 40407.4157)http://msmvps.com/blogs/harrywaldron/archive/2004/05/09/6125.aspx#6145Sun, 09 May 2004 20:06:00 GMTd67277c4-116b-43f1-b688-e9ef184ea916:6145TrackBackMS04-011 Sasser.E (new ports 1022 and 1023)<div style="clear:both;"></div><img src="http://msmvps.com/aggbug.aspx?PostID=6145" width="1" height="1">