RE: W2K Policies with ISA server....
- From: "Thomas W Shinder" <tshinder@xxxxxxxxxxxxxxxxxx>
- To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
- Date: Wed, 29 Jan 2003 21:04:47 -0600
Hi Don,
Where are you seeing these IP address appear? In the firewall or Web
Proxy log? Ouch! If this is a business, you should review your network
usage policy and determine whether this is a legal matter. If so, you
should determine the ISP the IP address belongs to. Then see if the ISP
will work with you to identify the user account that logged into that IP
address that the time you have it logged. If the ISP won't or can't
cooperate with you, then you might need to bring law enforcement in and
press for a criminal investigation. If the authorities decide to press
the case, they can obtain a subpoena to get the information from the
ISP. Hopefully the name will match one of your employees. If not, you
might be able to match your phone records with the numbers used by the
ISP. If you can catch this in real time, and you have a simple network,
you might be able to use the arp cache to determine who the sluggo might
be. May Thor has some more ideas?
HTH,
Tom
Thomas W Shinder
www.isaserver.org/shinder
ISA Server and Beyond: http://tinyurl.com/1jq1
Configuring ISA Server: http://tinyurl.com/1llp
-----Original Message-----
From: Don McCall [mailto:DMcCall@xxxxxxxxxx]
Sent: Wednesday, January 29, 2003 5:21 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] W2K Policies with ISA server....
http://www.ISAserver.org
Thanks for all the information that passes through this list... I find
much of it really helpful...
We have a W2K AD domain running over a large WAN and all Internet
traffic passes through our ISA server then our PIX to the outside world.
We have had no problems for nearly a year however this last weekend I
have had some external IP addresses turn up on the INSIDE ...??? I
suspect I may have a user using a modem while connected to the LAN/WAN
Does anyone know if there is a policy to prevent the two connections
happening at the same time???
Thank you...
Don McCall
Systems Administrator
Baptist Community Services
Phone 02 9941 6049
Email dmccall@xxxxxxxxxx
Fax 02 9889 1520
This message is intended for the addressee named and may contain
confidential information. If you are not the intended recipient, please
delete it and notify the sender. Views expressed in this message are
those of the individual sender, and are not necessarily the views of
Baptist Community Services. 2
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Exchange Server Resource Site: http://www.msexchange.org/
Windows Security Resource Site: http://www.windowsecurity.com/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
tshinder@xxxxxxxxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
Other related posts: