RE: Odd entry in Firewall service log

• From: "Thomas W Shinder" <tshinder@xxxxxxxxxxxxxxxxxx>
• To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
• Date: Mon, 3 Mar 2003 16:36:16 -0600

Hi Shawn,

GREAT STUFF! I appreciate the help. Now to present the employee with his 
walking papers :-)

Thanks!
Tom

Thomas W Shinder 
www.isaserver.org/shinder 
ISA Server and Beyond: http://tinyurl.com/1jq1 
Configuring ISA Server: http://tinyurl.com/1llp 



-----Original Message-----
From: Quillman Shawn (RBNA/CIT1.1) [mailto:Shawn.Quillman@xxxxxxxxxxxx] 
Sent: Monday, March 03, 2003 11:21 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Odd entry in Firewall service log


http://www.ISAserver.org



And further research shows: www.filenavigator.com

Yet another P2Piece of garbage...

-----
Shawn R. Quillman
Robert Bosch Corporation RBNA/CIT1.1
38000 Hills Tech Drive
Farmington Hills, MI  48331
(248) 553-1164 (P)     (248) 848-2855 (F)
shawn.quillman@xxxxxxxxxxxx


-----Original Message-----
From: Quillman Shawn (RBNA/CIT1.1) 
Sent: Monday, March 03, 2003 12:10 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Odd entry in Firewall service log


http://www.ISAserver.org



From that 2nd site in German off of Google:

File Navigator 2.10
von der C´t Mp3 Shareware-Seite installierte wohl den seltsamen "uninstall
onflow.exe", der auch lt Atguard prompt nach Hause funken will:
Outbound TCP connection 
Remote address,service is (147.208.175.70,http) 
Process name is "uninstall onflo"
Die IP gehört der Intel Corporation....

Apparently File Navigator is your culprit.  From another site I found that
apparently this IP belongs to Intel.

-Shawn

-----
Shawn R. Quillman
Robert Bosch Corporation RBNA/CIT1.1
38000 Hills Tech Drive
Farmington Hills, MI  48331
(248) 553-1164 (P)     (248) 848-2855 (F)
shawn.quillman@xxxxxxxxxxxx


-----Original Message-----
From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx]
Sent: Monday, March 03, 2003 11:56 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] Odd entry in Firewall service log


http://www.ISAserver.org


Anyone seen this one yet in the Firewall service log:

192.168.1.141, LarryC, uninstall onflo:3:5.1, -, 3/3/2003, 10:34:42, -,
-, -, -, 147.208.175.70, 80, 82819, 0, 0, 80, TCP, Connect, -, -, -,
20001, -, All Open Users, Allow All Users, 15, 1092

A google search show two entries (in German) and an www.alltheweb.com
didn't bring anything up for the "uninstall onflo" entry.

Thanks!

Tom

Thomas W Shinder
www.isaserver.org/shinder 
ISA Server and Beyond: http://tinyurl.com/1jq1
Configuring ISA Server: http://tinyurl.com/1llp

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Exchange Server Resource Site: http://www.msexchange.org/
Windows Security Resource Site: http://www.windowsecurity.com/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
shawn.quillman@xxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Exchange Server Resource Site: http://www.msexchange.org/
Windows Security Resource Site: http://www.windowsecurity.com/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
shawn.quillman@xxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Exchange Server Resource Site: http://www.msexchange.org/
Windows Security Resource Site: http://www.windowsecurity.com/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as: 
tshinder@xxxxxxxxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')

Other related posts:

• » Odd entry in Firewall service log
• » RE: Odd entry in Firewall service log
• » RE: Odd entry in Firewall service log
• » RE: Odd entry in Firewall service log

1. Home
2. isalist
3. Archive
4. 03-2003

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---