Re: anonymous user with internet IP number in websession

  • From: tim S <tim724342@xxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Tue, 5 Oct 2004 16:54:42 -0700 (PDT)

Jim,

 

Here is part of my webproxy log

 

c-ip          cs-username  sc-authenticated  date        time      s-computername  cs-referred  r-host        r-ip
162.3.45.66   anonymous    N                 2004-10-05  22:02:46  ISA2K           ?            ftp.xyz.com   10.0.0.16
68.45.32.234  anonymous    N                 2004-10-05  22:04:10  ISA2K           ?            ftp1.xyz.com  10.0.0.15

 

I set the outgoing listener to ask for authentication, but still I get the 
anonymous logins (not for internal users though).  

 

Those two c-ip numbers appear in the web session client IP address column, when 
I look at the monitoring node. I have integrated authentication method enabled 
on all incoming web listeners.  Those ftp sites are our servers. 

 

This is what I did.  ISA2K's external NIC has five different IP numbers.  I 
removed the primary IP number of the external NIC, added another IP number and 
put the old one back again (not as a primary IP attached to the card).  Then 
rebuilt the routing table.  I also told my users to start using both firewall 
and web proxy clients.  HTTP redirector drops all HTTP requests from firewall 
and secureNat clients.  But now I only see anonymous usernames even for 
internal users in websession unless I set the outgoing listener to ask for 
authentication.  I thought setting up the webproxy client means I didn't 
have to ask for authentication because domain\user info won't be stripped 
off from HTTP redirector.  I would appreciate it if you can tell me whether I 
screwed up the ISA by removing the IP and rebuilding the routing table.   Thanks

 

Is it normal for ISA to show external user sessions in the websession node?



Jim Harrison <jim@xxxxxxxxxxxx> wrote:

http://www.ISAserver.org

You should be seeing those requests getting bounced.
Have you checked your web proxy logs?

Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG
http://isaserver.org/Jim_Harrison/
http://isatools.org
Read the help / books / articles!

----- Original Message ----- 
From: "tim S" 
To: "[ISAserver.org Discussion List]" 
Sent: Tuesday, October 05, 2004 10:20
Subject: [isalist] Re: anonymous user with internet IP number in websession




I configured individual IP numbers and all of them use integrated 
authentication.


Jim Harrison wrote:

How have you configured the inbound web listener; all IPs or single IP?

Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG
http://isaserver.org/Jim_Harrison/
http://isatools.org
Read the help / books / articles!

----- Original Message ----- 
From: "tim S"
To: "[ISAserver.org Discussion List]"
Sent: Tuesday, October 05, 2004 07:29
Subject: [isalist] Re: anonymous user with internet IP number in websession



Jim,

Yes, I publish a number of websites and ftp sites. The log says those connections 
were for my ftp site. But why would that show up in the web session monitor? I 
thought you only see web sessions initiated from the internal network on the 
monitoring node. Am I correct?

Jim Harrison wrote:

Look in the ISA web proxy logs and you'll see what ISA thought of that 
connection request.
Are you publishing any web sites?

Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG
http://isaserver.org/Jim_Harrison/
http://isatools.org
Read the help / books / articles!


On Mon, 4 Oct 2004 17:12:14 -0700 (PDT)
tim S wrote:

I noticed the web session displays an anonymous user with an internet IP number 
as client address. This internet IP number is not
the external NIC IP and doesn't belong to me at all. All my internal IPs are 
10.10.10.0/24. Does this mean the web proxy session is
hacked? Thanks





------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as: 
jim@xxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
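
An added example, not part of the original thread: a triage script for web proxy log rows in the field order quoted in the post, separating external clients reaching published servers from internal outbound sessions. It assumes whitespace-delimited rows and RFC 1918 ranges as "internal"; the first two rows come from the post, the last three are constructed.

```python
import ipaddress

# Field order as quoted in the post's log excerpt.
FIELDS = ["c-ip", "cs-username", "sc-authenticated", "date", "time",
          "s-computername", "cs-referred", "r-host", "r-ip"]

# Assumption: RFC 1918 space is what sits behind the firewall.
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

SAMPLE_LOG = r"""
# rows from the post
162.3.45.66   anonymous     N 2004-10-05 22:02:46 ISA2K ? ftp.xyz.com     10.0.0.16
68.45.32.234  anonymous     N 2004-10-05 22:04:10 ISA2K ? ftp1.xyz.com    10.0.0.15
# constructed rows
10.10.10.21   anonymous     N 2004-10-05 22:05:01 ISA2K ? www.example.com 192.0.2.10
10.10.10.22   DOMAIN\alice  Y 2004-10-05 22:05:09 ISA2K ? www.example.com 192.0.2.10
203.0.113.7   anonymous     N 2004-10-05 22:06:30 ISA2K ? www.example.org 192.0.2.20
"""

def is_internal(addr):
    """True/False for a valid address, None if the field is not an IP."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return None
    return any(ip in net for net in INTERNAL_NETS)

def classify(rec):
    src, dst = is_internal(rec["c-ip"]), is_internal(rec["r-ip"])
    if src is None:
        return "unparsed"
    if src:  # internal client going out through the outgoing listener
        authed = (rec["sc-authenticated"] == "Y"
                  and rec["cs-username"].lower() != "anonymous")
        return "outbound-authenticated" if authed else "outbound-anonymous"
    # external client: expected only when the destination is a published server
    return "inbound-published" if dst else "review-external-to-external"

def triage(text):
    results = []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        parts = line.split()
        if len(parts) != len(FIELDS):
            results.append((line.strip(), "unparsed"))
            continue
        rec = dict(zip(FIELDS, parts))
        results.append((rec["c-ip"], classify(rec)))
    return results

if __name__ == "__main__":
    for ip, label in triage(SAMPLE_LOG):
        print(f"{ip:15} {label}")
```

Rows labelled `review-external-to-external` are the ones worth checking first, since an external client being proxied to an external host is not explained by server publishing.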
