Can you help me with this problem? I'm using ISA to control inbound and outbound requests in my company. My web site is www.origin.gr and my company works with the Athens Stock Exchange (we are giving the feed to our customers). On 20-10-01 I found that in the ISALogs directory the firewall and web logging was full of visits from unknown users to sites that have to do with nude pictures, even sites with nude kids... The size of each log file was 20-25 MB. I have a 128k internet connection and the only thing I do is get data from some of our dealers' sites, an amount of 40 Kbytes per minute, and some downloads I do. No other user is using this bandwidth (that is because I've made rules in ISA not to). At any time in the Sessions monitor I have Web and Firewall connections from IPs, and the only thing they are not seeing is my site, which is actually under construction and has nothing to give right now... I've made a port scan and checked my drives for Trojans but I've still made nothing... I'm sending you a session of these log files with these unknown hits, if you can tell me something.
Firewall Log:
-------------
#Fields: c-ip cs-username c-agent date time s-computername r-host r-ip r-port time-taken cs-bytes sc-bytes cs-protocol cs-transport s-operation sc-status sessionid connectionid
24.164.156.179 - - 2001-09-20 22:03:35 ZEUS - 194.117.194.120 6662 14516 52 - 6662 TCP Connect 20000 61012 39744
213.236.19.45 - - 2001-09-20 00:02:07 ZEUS - 213.4.91.34 6667 265 - - 6667 TCP Connect 0 12405 34178
213.236.19.45 - - 2001-09-20 00:02:08 ZEUS - 213.4.91.34 6667 968 - - 6667 TCP Connect 20000 12405 34178
213.236.19.45 - - 2001-09-20 00:02:19 ZEUS - 213.4.91.34 6667 156 - - 6667 TCP Connect 0 12406 34179
213.236.19.45 - - 2001-09-20 00:02:20 ZEUS - 213.4.91.34 6667 640 - - 6667 TCP Connect 20000 12406 34179
213.236.19.45 - - 2001-09-20 00:02:41 ZEUS - 213.4.91.34 6667 235 - - 6667 TCP Connect 0 12407 34180
213.236.19.45 - - 2001-09-20 00:02:42 ZEUS - 213.4.91.34 6667 985 - - 6667 TCP Connect 20000 12407 34180
213.96.87.28 - - 2001-09-20 00:53:58 ZEUS - 62.81.156.182 6667 172 - - 6667 TCP Connect 0 12448 34267
62.81.156.182 - - 2001-09-20 00:53:58 ZEUS - 62.81.156.182 6667 187 - - 6667 TCP Connect 0 12449 34268
62.81.156.182 - - 2001-09-20 00:53:58 ZEUS - 62.81.156.182 6667 375 - - 6667 TCP Connect 20000 12449 34268
213.96.87.28 - - 2001-09-20 00:53:58 ZEUS - 62.81.156.182 6667 906 77 - 6667 TCP Connect 20001 12448 34267
62.81.156.182 - - 2001-09-20 00:53:59 ZEUS - 62.81.156.182 6667 172 - - 6667 TCP Connect 0 12450 34269
62.81.156.182 - - 2001-09-20 00:53:59 ZEUS - 62.81.156.182 6667 360 - - 6667 TCP Connect 20000 12450 34269
213.96.87.28 - - 2001-09-20 00:54:11 ZEUS - 62.81.156.182 6667 172 - - 6667 TCP Connect 0 12451 34270
213.96.87.28 - - 2001-09-20 00:54:12 ZEUS - 62.81.156.182 6667 360 - - 6667 TCP Connect 20000 12451 34270

Web Log:
--------
#Fields: c-ip cs-username c-agent date time s-computername cs-referred r-host r-ip r-port time-taken cs-bytes sc-bytes cs-protocol s-operation cs-uri s-object-source sc-status
213.151.37.227 anonymous Mozilla/4.0 (compatible; MSIE 5.0; Windows 98) 2001-09-20 00:00:00 ZEUS - patscompany.tripod.com 209.202.196.140 80 3188 405 16872 http GET http://patscompany.tripod.com/BigBrother/gossip.htm Inet 200
213.151.37.227 anonymous Mozilla/4.0 (compatible; MSIE 5.0; Windows 98) 2001-09-20 00:00:02 ZEUS - members.tripod.com 209.202.197.70 80 1141 591 4701 http GET http://members.tripod.com/adm/popup/roadmap.shtml?member_name=patscompany&path=BigBrother&client_ip=212.107.15.98&ts=1000943906&ad_type=POPUP&id=ea5b28040eba3a12102871270ee6f80e Inet 200
61.159.209.196 anonymous - 2001-09-20 00:00:05 ZEUS - - - - - - - - - - - 400
61.159.209.196 anonymous - 2001-09-20 00:00:06 ZEUS - - - - - - - - - - - 400
213.13.79.167 anonymous Mozilla/4.0 ( compatible; [dk]; Windows NT4.0; Compaq ) 2001-09-20 00:00:11 ZEUS - www.pantyvision.com 198.138.77.161 80 609 322 621 http HEAD http://www.pantyvision.com/members/ Inet 401
213.13.79.167 anonymous Mozilla/4.6 ( compatible; MSIE 4.0; Windows NT5.0; TWRAITH ) 2001-09-20 00:00:11 ZEUS - www.pantyvision.com 198.138.77.161 80 609 327 621 http HEAD http://www.pantyvision.com/members/ Inet 401
172.176.7.54 anonymous Mozilla/4.7 ( compatible; [en]; AOL 5.0; DigiExt ) 2001-09-20 00:00:12 ZEUS - www.southerncharms.com 64.159.87.117 80 719 362 282 http HEAD http://www.southerncharms.com/mizbehaven/private/members.htm Inet 401
62.46.16.137 anonymous Mozilla/4.0 (compatible; MSIE 6.0; Windows 98; Win 9x 4.90; QXW0332b) 2001-09-20 00:00:12 ZEUS - www.alltheweb.com - 80 - 354 383 http GET http://www.alltheweb.com/g/ppus/more.gif Cache 0
62.46.16.137 anonymous Mozilla/4.0 (compatible; MSIE 6.0; Windows 98; Win 9x 4.90; QXW0332b) 2001-09-20 00:00:13 ZEUS - www.alltheweb.com 66.77.74.20 80 4094 525 19798 http GET http://www.alltheweb.com/search?cat=web&lang=any&query=m%C3%B6rk+gryning&phrase=on Inet 200
172.176.7.54 anonymous Mozilla/3.01 ( compatible; MSIE 4.01; Windows 95; DigiExt ) 2001-09-20 00:00:13 ZEUS - www.southerncharms.com 64.159.87.117 80 844 375 282 http HEAD http://www.southerncharms.com/mizbehaven/private/members.htm Inet 401
62.46.16.137 anonymous Mozilla/4.0 (compatible; MSIE 6.0; Windows 98; Win 9x 4.90; QXW0332b) 2001-09-20 00:00:14 ZEUS - lubid.lycos.com 209.202.192.91 80 546 431 337 http GET http://lubid.lycos.com/one.asp?site=all_the_web&ord=1594531 Inet 200
62.46.16.137 anonymous Mozilla/4.0 (compatible; MSIE 6.0; Windows 98; Win 9x 4.90; QXW0332b) 2001-09-20 00:00:14 ZEUS - www.alltheweb.com 66.77.74.20 80 719 408 327 http GET http://www.alltheweb.com/g/t.gif?q=m%C3%B6rk+gryning&c=web&b=1;0;0;6;6.0;0;0;1;0;0&ord=3664245 Inet 200
63.14.248.73 anonymous Mozilla/4.0 (compatible; MSIE 5.5; Windows 98; Win 9x 4.90) 2001-09-20 00:00:14 ZEUS - i73.netscape.com 207.200.84.47 80 657 426 428 http GET http://i73.netscape.com/c.cgi?A4442573$3516653$1024x768xundefinedx24$http://www.nightcharm.com/literotica/index.html Inet 200
213.151.37.227 anonymous Mozilla/4.0 (compatible; MSIE 5.0; Windows 98) 2001-09-20 00:00:15 ZEUS - downloads.members.tripod.com 209.202.197.10 80 6922 375 65607 http GET http://downloads.members.tripod.com/bigbrotherbelgie2/patricia.mpeg Inet 64
213.89.206.193 anonymous Mozilla/4.72 ( compatible; MSIE 4.01; Windows 95; ezn IE ) 2001-09-20 00:00:18 ZEUS - www.trophyteens.com 140.99.105.203 80 3187 353 398 http HEAD http://www.trophyteens.com/members/index.html Inet 401
212.204.35.101 anonymous Mozilla/4.5 [en] (Win98; I) 2001-09-20 00:00:19 ZEUS - xchange.xlook.de 62.4.93.76 80 313 228 461 http GET http://xchange.xlook.de/cgi-bin/xcshow.cgi?stheid1.01 Inet 302
213.89.206.193 anonymous Mozilla/4.72 ( compatible; [fr]; Windows 95; athome0107 ) 2001-09-20 00:00:20 ZEUS - www.trophyteens.com 140.99.105.203 80 5640 344 398 http HEAD http://www.trophyteens.com/members/index.html Inet 401
213.89.206.193 anonymous Mozilla/4.6 ( compatible; MSIE 5.0; Windows NT5.0; DigiExt ) 2001-09-20 00:00:21 ZEUS - www.trophyteens.com 140.99.105.203 80 6125 347 398 http HEAD http://www.trophyteens.com/members/index.html Inet 401
62.161.104.130 anonymous Mozilla/4.5 [fr] (Win98; I) 2001-09-20 00:00:22 ZEUS - leader.linkexchange.com 204.71.191.220 80 688 291 624 http GET http://leader.linkexchange.com/X1488206/showiframe? Inet 200
213.151.37.227 anonymous Mozilla/4.0 (compatible; MSIE 5.0; Windows 98) 2001-09-20 00:00:23 ZEUS - home.planetinternet.be 194.119.239.8 80 422 409 226 http GET http://home.planetinternet.be/~pin31269/back.jpg Inet 304
212.204.35.101 anonymous Mozilla/4.5 [en] (Win98; I) 2001-09-20 00:00:23 ZEUS - www.sexday.de 192.67.198.52 80 2188 212 11671 http GET http://www.sexday.de/banner/banner12.gif Inet 64
213.89.206.193 anonymous Mozilla/4.0 ( compatible; [jp]; Windows NT5.0; athome020 ) 2001-09-20 00:00:23 ZEUS - www.trophyteens.com 140.99.105.203 80 8704 353 398 http HEAD http://www.trophyteens.com/members/index.html Inet 401
212.179.230.10 anonymous Mozilla/4.0 (compatible; MSIE 5.5; Windows 98) 2001-09-20 00:00:24 ZEUS - service.bfast.com 209.225.26.101 80 406 345 417 http GET http://service.bfast.com/bfast/serve?bfmid=253985&bfsiteid=38387169&bfpage=sibstc08 Inet 200
62.46.16.137 anonymous Mozilla/4.0 (compatible; MSIE 6.0; Windows 98; Win 9x 4.90; QXW0332b) 2001-09-20 00:00:29 ZEUS - www.alltheweb.com 66.77.74.20 80 297 532 538 http GET http://www.alltheweb.com/go/1/H/web/http/www.musicalstore.de/Return-Fire-B000007VOP.html Inet 302
62.46.16.137 anonymous Mozilla/4.0 (compatible; MSIE 6.0; Windows 98; Win 9x 4.90; QXW0332b) 2001-09-20 00:00:31 ZEUS - www.musicalstore.de 161.58.250.87 80 2094 500 1178 http GET http://www.musicalstore.de/Return-Fire-B000007VOP.html Inet 200
213.13.79.167 anonymous Mozilla/4.6 ( compatible; MSIE 5.0; Windows 95; DigiExt ) 2001-09-20 00:00:32 ZEUS - www.pantyvision.com 198.138.77.161 80 485 324 621 http HEAD http://www.pantyvision.com/members/ Inet 401
213.13.79.167 anonymous Mozilla/3.01 ( compatible; MSIE 4.01; Windows 95; Compaq ) 2001-09-20 00:00:32 ZEUS - www.pantyvision.com 198.138.77.161 80 516 325 621 http HEAD http://www.pantyvision.com/members/ Inet 401
213.89.206.193 anonymous Mozilla/3.01 ( compatible; MSIE 5.0; Windows NT5.0; DigiExt ) 2001-09-20 00:00:33 ZEUS - www.trophyteens.com 140.99.105.203 80 1484 348 398 http HEAD http://www.trophyteens.com/members/index.html Inet 401
213.89.206.193 anonymous Mozilla/4.7 ( compatible; [jp]; AOL 5.0; TWRAITH ) 2001-09-20 00:00:33 ZEUS - www.trophyteens.com 140.99.105.203 80 1469 341 398 http HEAD http://www.trophyteens.com/members/index.html Inet 401
213.89.206.193 anonymous Mozilla/4.6 ( compatible; [en]; Windows 98; DigiExt ) 2001-09-20 00:00:33 ZEUS - www.trophyteens.com 140.99.105.203 80 1469 340 398 http HEAD http://www.trophyteens.com/members/index.html Inet 401
64.230.140.230 anonymous Mozilla/4.0 (compatible; MSIE 5.01; Windows 98) 2001-09-20 00:00:33 ZEUS - www.angeliquexxx.com 216.33.40.179 80 391 196 300 http HEAD http://www.angeliquexxx.com/members/index.html Inet 401
62.46.16.137 anonymous Mozilla/4.0 (compatible; MSIE 6.0; Windows 98; Win 9x 4.90; QXW0332b) 2001-09-20 00:00:37 ZEUS - www.alltheweb.com 66.77.74.20 80 2812 395 19798 http GET http://www.alltheweb.com/search?cat=web&lang=any&query=m%C3%B6rk+gryning&phrase=on Inet 200
212.150.36.194 anonymous Mozilla/4.0 (compatible; MSIE 5.5; Windows 98) 2001-09-20 00:00:37 ZEUS - www.dj.lgg.ru 80.68.242.2 80 6219 313 1308 http GET http://www.dj.lgg.ru/cgi-bin/counter.cgi?id=989318028 Inet 200
62.46.16.137 anonymous Mozilla/4.0 (compatible; MSIE 6.0; Windows 98; Win 9x 4.90; QXW0332b) 2001-09-20 00:00:38 ZEUS - lubid.lycos.com 209.202.224.32 80 406 431 362 http GET http://lubid.lycos.com/one.asp?site=all_the_web&ord=3542345 Inet 200
62.46.16.137 anonymous Mozilla/4.0 (compatible; MSIE 6.0; Windows 98; Win 9x 4.90; QXW0332b) 2001-09-20 00:00:38 ZEUS - www.alltheweb.com 66.77.74.20 80 719 408 326 http GET http://www.alltheweb.com/g/t.gif?q=m%C3%B6rk+gryning&c=web&b=1;0;0;6;6.0;0;0;1;0;0&ord=4274088 Inet 200
213.89.206.193 anonymous Mozilla/4.72 ( compatible; MSIE 4.01; Windows NT5.0; DigiExt ) 2001-09-20 00:00:38 ZEUS - www.trophyteens.com 140.99.105.203 80 6063 353 398 http HEAD http://www.trophyteens.com/members/index.html Inet 401
63.14.248.73 anonymous Mozilla/4.0 (compatible; MSIE 5.5; Windows 98; Win 9x 4.90) 2001-09-20 00:00:38 ZEUS - www.ccbill.com 64.38.240.100 80 1843 453 6522 http GET http://www.ccbill.com/system/support.cgi?client_accnum=904712 Inet 200
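
Added example, not part of the original post: a triage script for logs in the layout pasted above, which reads the `#Fields` header and summarises, per client address outside the internal network, how many requests it made through the server, how many distinct user-agent strings it presented, how many were answered 401, and which hosts it reached. The internal range `192.168.0.0/16`, the space-separated layout (only `c-agent` containing spaces) and the sample records are assumptions constructed for the example.

```python
import ipaddress
import re
from collections import defaultdict

# Assumption: the LAN behind the proxy uses this range; adjust to your network.
INTERNAL = ipaddress.ip_network("192.168.0.0/16")
# c-ip, cs-username, c-agent (may contain spaces), date, time, remaining fields
RECORD = re.compile(r"^(\S+) (\S+) (.*?) (\d{4}-\d{2}-\d{2}) (\d{2}:\d{2}:\d{2}) (.+)$")

# Constructed sample in the Web log layout (documentation addresses and hosts).
SAMPLE = """\
#Fields: c-ip cs-username c-agent date time s-computername cs-referred r-host r-ip r-port time-taken cs-bytes sc-bytes cs-protocol s-operation cs-uri s-object-source sc-status
203.0.113.7 anonymous Mozilla/4.0 (compatible; MSIE 5.0; Windows 98) 2001-09-20 00:00:11 ZEUS - members.example.com 198.51.100.9 80 609 322 621 http HEAD http://members.example.com/members/ Inet 401
203.0.113.7 anonymous Mozilla/4.6 (compatible; MSIE 4.0; Windows NT5.0) 2001-09-20 00:00:11 ZEUS - members.example.com 198.51.100.9 80 609 327 621 http HEAD http://members.example.com/members/ Inet 401
203.0.113.7 anonymous Mozilla/3.01 (compatible; MSIE 4.01; Windows 95) 2001-09-20 00:00:32 ZEUS - members.example.com 198.51.100.9 80 516 325 621 http HEAD http://members.example.com/members/ Inet 401
192.168.1.20 anonymous Mozilla/4.0 (compatible; MSIE 5.5; Windows 98) 2001-09-20 00:00:40 ZEUS - feed.example.net 198.51.100.30 80 406 345 417 http GET http://feed.example.net/quotes Inet 200
203.0.113.99 anonymous - 2001-09-20 00:00:05 ZEUS - - - - - - - - - - - 400
"""

def parse(text):
    """Yield one dict per record, keyed by the names in the #Fields header."""
    names = []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("#Fields:"):
            names = line.split()[1:]
            continue
        m = RECORD.match(line)
        if m and names:
            values = list(m.groups()[:5]) + m.group(6).split()
            if len(values) == len(names):  # skip truncated or damaged records
                yield dict(zip(names, values))

def external_summary(text):
    """Per client outside INTERNAL: requests, distinct agents, 401s, hosts."""
    out = defaultdict(lambda: {"requests": 0, "agents": set(), "denied": 0, "hosts": set()})
    for r in parse(text):
        if ipaddress.ip_address(r["c-ip"]) in INTERNAL:
            continue
        s = out[r["c-ip"]]
        s["requests"] += 1
        s["agents"].add(r["c-agent"])
        s["denied"] += int(r["sc-status"] == "401")
        s["hosts"].add(r["r-host"])
    return dict(out)

if __name__ == "__main__":
    for ip, s in external_summary(SAMPLE).items():
        print(ip, s["requests"], len(s["agents"]), s["denied"], sorted(s["hosts"]))
```

Because the field names come from the header, the same functions accept the Firewall log layout; there `r-host` is `-` and the destination is in `r-ip`.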