RE: strange

• From: "Quillman Shawn (RBNA/CIT1.1)" <Shawn.Quillman@xxxxxxxxxxxx>
• To: "'[ISAserver.org Discussion List]'" <isalist@xxxxxxxxxxxxx>
• Date: Mon, 9 Dec 2002 08:41:54 -0500

I really doubt that that's the case (although it's been proven once or twice
before that I have been wrong :-).  Check your logs.  Do you have any rules
that allow access based on client address?  Are you sure he's using his own
account?  Maybe he's gotten someone else's password.
 
-Shawn
----- 
Shawn R. Quillman 
Robert Bosch Corporation RBNA/CIT1.1 
38000 Hills Tech Drive 
Farmington Hills, MI  48331 
(248) 553-1164 (P)     (248) 848-2855 (F) 
shawn.quillman@xxxxxxxxxxxx 
-----Original Message-----
From: Bruno ROUY [mailto:bruno.rouy@xxxxxxxx]
Sent: Monday, December 09, 2002 8:31 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: strange


http://www.ISAserver.org


Hum, if i connect with his login password on another workstation i don't
pass.... . i tkinking he use (maybe) a software who can bypass my rules
-----Message d'origine-----
De : Faizal Khan [mailto:mis@xxxxxxxxxxxxxx]
Envoyé : lundi 9 décembre 2002 14:27
À : [ISAserver.org Discussion List]
Objet : [isalist] RE: strange


http://www.ISAserver.org


Bruno,
 
Shawn's right, you may have this user in one particular group.  If it
continues, just deny user from internet access.  Strong approach, but as a
medium until problem is solved.
 
With Kind Regards,
Khan
 
____________________________
 
Faizal Khan
MIS Manager
Guyana Forestry Commission
1 Water Street, Kingston, 
Georgetown, GUYANA.
Tel :  + (592) 226-7272
Fax : + (592) 226-8956
Email:  <mailto:forestry.mis@xxxxxxxxxxxxxxxxx>
forestry.mis@xxxxxxxxxxxxxxxxx
Website:  <http://www.forestry> http://www.forestry.gov.gy
<http://www.forestry.gov.gy> 
-----Original Message-----
From: Quillman Shawn (RBNA/CIT1.1) [mailto:Shawn.Quillman@xxxxxxxxxxxx] 
Sent: Monday, December 09, 2002 9:00 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: strange
 
More than likely there's a misconfiguration in one of your ISA rules.  Look
at the logs to see which rules are allowing the connection.  Rule #1 is the
protocol rule that is allowing the connection and Rule #2 is the site and
content rule that allows it.  If you don't have those log fields turned on
then enable it and see if that gives you some insight.
 
If that's not it, make sure the user is not buried in a group somewhere that
is allowed access.
 
-Shawn
----- 
Shawn R. Quillman 
Robert Bosch Corporation RBNA/CIT1.1 
38000 Hills Tech Drive 
Farmington Hills, MI  48331 
(248) 553-1164 (P)     (248) 848-2855 (F) 
shawn.quillman@xxxxxxxxxxxx 
-----Original Message-----
From: Bruno ROUY [mailto:bruno.rouy@xxxxxxxx]
Sent: Monday, December 09, 2002 7:53 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] strange
http://www.ISAserver.org
Hello,
do you know if exist a prg who permit to some users to bypass my
proxy/firewall ? i see a user in the log who don't have acces to the net !
.i had searched but find nothing...
Bruno
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Exchange Server Resource Site: http://www.msexchange.org/
Windows Security Resource Site: http://www.windowsecurity.com/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
shawn.quillman@xxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub') 
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Exchange Server Resource Site: http://www.msexchange.org/
Windows Security Resource Site: http://www.windowsecurity.com/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
bruno.rouy@xxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub') 
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Exchange Server Resource Site: http://www.msexchange.org/
Windows Security Resource Site: http://www.windowsecurity.com/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
shawn.quillman@xxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub') 

Other related posts:

• » strange
• » RE: strange
• » RE: strange
• » RE: strange
• » RE: strange

1. Home
2. isalist
3. Archive
4. 12-2002

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---