Ah, superuser is from the Kazaa program isn't it? And they are getting out on more than port 80. I assumed that when protocol rules was set to all, it meant all of them that are in the protocol definition list, but with the Isa Client, this must mean all ports (0-what ever??)?? Tim -----Original Message----- From: Tim Guy Sent: 17 February 2003 15:14 To: [ISAserver.org Discussion List] Subject: [isalist] Isa Reports - Superuser??? http://www.ISAserver.org I've got someone using Kazaa through the ISA firewall here. I haven't got any kazaa ports open so I assume they are going through port 80. In the report logs, it gives ip addresses normally (no user control here, Yet!) but this guys got Superuser instead of an IP address Where does this Superuser designation come from? Is it an ISA client rather than a NAT client? Cheers Tim ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Exchange Server Resource Site: http://www.msexchange.org/ Windows Security Resource Site: http://www.windowsecurity.com/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: tim@xxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')