Re: Whacky Log file tricks

• From: "Jim Harrison" <jim@xxxxxxxxxxxx>
• To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
• Date: Sun, 3 Mar 2002 09:51:51 -0800

Actually, that's a question I've posed to the ISA team with little success;
It seems that GHBx requests can use any rule pertaining to the client...?

Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG
http://isaserver.org/authors/harrison/
Read the books!

----- Original Message -----
From: "Thomas W. Shinder" <tshinder@xxxxxxxxxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Friday, March 01, 2002 13:46
Subject: [isalist] Whacky Log file tricks


http://www.ISAserver.org


Hey guys,

Here's a whacky log file finding:

192.168.1.8, tomshinder, msimn.exe:3:5.1, -, 3/1/2002, 15:28:01, -, -,
-, law8.oe.hotmail.com, 216.33.240.253, 0, 80, 0, 0, -, -, GHBN, -, -,
-, 0, -, NNTP-TACTEAM, Allow Auth Users, 773, 0
192.168.1.8, tomshinder, msimn.exe:3:5.1, -, 3/1/2002, 15:28:01, -, -,
-, -, 216.33.240.253, 80, 10, 0, 0, 80, TCP, Connect, -, -, -, 0, -, All
Open Users, -, 773, 9461
192.168.1.8, tomshinder, msimn.exe:3:5.1, -, 3/1/2002, 15:28:01, -, -,
-, -, 216.33.240.253, 80, 10, 0, 0, 80, TCP, Connect, -, -, -, 0, -, All
Open Users, -, 773, 9461
192.168.1.8, tomshinder, msimn.exe:3:5.1, -, 3/1/2002, 15:28:01, -, -,
-, law8.oe.hotmail.com, 216.33.240.253, 0, -, 0, 0, -, -, GHBN, -, -, -,
0, -, NNTP-TACTEAM, Allow Auth Users, 773, 0
192.168.1.8, tomshinder, msimn.exe:3:5.1, -, 3/1/2002, 15:28:01, -, -,
-, -, 216.33.240.253, 80, -, 0, 0, 80, TCP, Connect, -, -, -, 0, -, All
Open Users, -, 773, 9462
192.168.1.8, tomshinder, msimn.exe:3:5.1, -, 3/1/2002, 15:28:01, -, -,
-, -, 216.33.240.253, 80, -, 0, 0, 80, TCP, Connect, -, -, -, 0, -, All
Open Users, -, 773, 9462
192.168.1.8, tomshinder, msimn.exe:3:5.1, -, 3/1/2002, 15:28:02, -, -,
-, law8.oe.hotmail.com, 216.33.240.253, 0, -, 0, 0, -, -, GHBN, -, -, -,
0, -, NNTP-TACTEAM, Allow Auth Users, 773, 0
192.168.1.8, tomshinder, msimn.exe:3:5.1, -, 3/1/2002, 15:28:02, -, -,
-, -, 216.33.240.253, 80, 10, 0, 0, 80, TCP, Connect, -, -, -, 0, -, All
Open Users, -, 773, 9463
192.168.1.8, tomshinder, msimn.exe:3:5.1, -, 3/1/2002, 15:28:02, -, -,
-, -, 216.33.240.253, 80, 10, 0, 0, 80, TCP, Connect, -, -, -, 0, -, All
Open Users, -, 773, 9463
192.168.1.8, tomshinder, msimn.exe:3:5.1, -, 3/1/2002, 15:28:03, -, -,
-, law8.oe.hotmail.com, 216.33.240.253, 0, -, 0, 0, -, -, GHBN, -, -, -,
0, -, NNTP-TACTEAM, Allow Auth Users, 773, 0

The NNTP-TACTEAM rule is a Server Publishing Rule for a NNTP server on
the internal network. The 192.168.1.8 is my workstation. Why would GHBN
use inbound TCP 119?

Log files are certainly fun!

Tom
www.isaserver.org/shinder


------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')

Other related posts:

• » Whacky Log file tricks
• » RE: Whacky Log file tricks
• » RE: Whacky Log file tricks
• » Re: Whacky Log file tricks

1. Home
2. isalist
3. Archive
4. 03-2002

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---