Strange Problem...

  • From: "Ball, Dan" <DBall@xxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Wed, 29 Jun 2005 12:13:31 -0400

Had a major slowdown of all web traffic this morning, so I logged into
the ISA server and checked out the logs.  There was a large amount of
NetBIOS traffic being logged, so I captured several seconds of it from
the firewall log, and restarted the server.  The problem has since
disappeared.

 

Here are two entries that kept repeating themselves:

Original Client IP    Client Agent    Authenticated Client    Service    Server Name    Referring Server    Destination Host Name    Transport    MIME Type    Object Source    Source Proxy    Destination Proxy    Bidirectional    Client Host Name    Filter Information    Network Interface    Raw IP Header    Raw Payload    Source Port    Processing Time    Bytes Sent    Bytes Received    Result Code    HTTP Status Code    Cache Information    Error Information    Log Record Type    Log Time    Destination IP    Destination Port    Protocol    Action    Rule    Client IP    Client Username    Source Network    Destination Network    HTTP Method    URL

24.213.58.250                                        GATEWAY        -    UDP     -    -                                               137       0          0    0          0xc0040030 FWX_E_OUTBOUND_PATH_THROUGH_DROPPED    0x0       0x0       Firewall 6/29/2005 9:07   10.6.8.72           137    NetBios Name Service    Denied Connection    24.213.58.250                Local Host         Internal - WAN Network    -           -

10.20.3.22                                             GATEWAY        -    UDP     -    -                                               137       0          0    0          0xc0040030 FWX_E_OUTBOUND_PATH_THROUGH_DROPPED    0x0       0x0       Firewall 6/29/2005 9:07   10.6.8.72           137    NetBios Name Service    Denied Connection                     10.20.3.22    Local Host         Internal - WAN Network            -           -

24.213.58.25 is one of our Public IP addresses

10.20.3.22 is a DHCP lease that was supposedly currently in use by the
ISA server, for VPN clients

10.6.8.72 is a workstation on one of our subnets.

There were no VPN connections in session at the time.

 

Anyone else seen something like this?
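
One way to see which flows make up a burst of denied traffic like the one quoted above, as an added example that is not part of the original post: tally denied records per client, destination and protocol. The tab-separated export format, the column subset and all sample rows (including the 10.6.8.50 and 192.0.2.10 addresses and the "Initiated Connection" row) are assumptions constructed around the values quoted in the post.

```python
import csv
import io
from collections import Counter

# Subset of the log viewer columns listed in the post (assumed tab-separated export).
COLUMNS = ["Log Time", "Client IP", "Destination IP", "Destination Port",
           "Protocol", "Action", "Result Code"]
DROPPED = "0xc0040030 FWX_E_OUTBOUND_PATH_THROUGH_DROPPED"


def row(client, dest, port, proto, action, result):
    """Build one constructed log record as a tab-separated line."""
    return "\t".join(["6/29/2005 9:07", client, dest, port, proto, action, result])


# Constructed sample: the two repeating denials from the post plus one normal flow.
SAMPLE_LOG = "\n".join(
    ["\t".join(COLUMNS)]
    + [row("24.213.58.250", "10.6.8.72", "137", "NetBios Name Service",
           "Denied Connection", DROPPED)] * 4
    + [row("10.20.3.22", "10.6.8.72", "137", "NetBios Name Service",
           "Denied Connection", DROPPED)] * 3
    + [row("10.6.8.50", "192.0.2.10", "80", "HTTP", "Initiated Connection", "0x0")]
)


def repeated_denials(log_text, min_count=2):
    """Return [(flow, count)] for denied flows seen at least min_count times,
    busiest first. A flow is (client, destination, port, protocol, result code)."""
    reader = csv.DictReader(io.StringIO(log_text), delimiter="\t")
    flows = Counter()
    for rec in reader:
        if not rec["Action"].startswith("Denied"):
            continue  # only denied records are of interest here
        flows[(rec["Client IP"], rec["Destination IP"], rec["Destination Port"],
               rec["Protocol"], rec["Result Code"])] += 1
    return [(flow, n) for flow, n in flows.most_common() if n >= min_count]


if __name__ == "__main__":
    for (client, dest, port, proto, result), n in repeated_denials(SAMPLE_LOG):
        print(f"{n:5d}  {client} -> {dest}:{port}  {proto}  {result}")
```
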

 
