RE: strange log entries

• From: <tim.altena@xxxxxxxxxxxxxx>
• To: <isalist@xxxxxxxxxxxxx>
• Date: Thu, 6 Oct 2005 10:44:55 -0500

In this instance I was the user and I went to that PC logged on.  I went
to 5 different websites, www.msn.com, www.yahoo.com, www.google.com,
www.cnn.com, and www.microsoft.com.  I then didn't a query to pull up
all requests from that IP address in the webproxy log.  Every request
was too an IP address not a FQDN.  I am in transition mode in my
installation now and my default gateway does not point to my ISA server,
(before you scream at me in the end it will be, currently testing a
subset of users with proxy settings and firewall client software), so
securenat request could not be routed to the ISA server.

It's a little confusing to me why one machine would be acting this way.
If you try to go to most of the URLs they do not even function with the
IP instead of the FQDN because the side must look at host headers.

Tim


-----Original Message-----
From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] 
Sent: Thursday, October 06, 2005 9:34 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: strange log entries

http://www.ISAserver.org

Maybe the request was made to an address, or the client is acting in the
role of SecureNAT client for that connection.

Thomas W Shinder, M.D.
Site: www.isaserver.org
Blog: http://spaces.msn.com/members/drisa/
Book: http://tinyurl.com/3xqb7
MVP -- ISA Firewalls

 

> -----Original Message-----
> From: tim.altena@xxxxxxxxxxxxxx [mailto:tim.altena@xxxxxxxxxxxxxx] 
> Sent: Thursday, October 06, 2005 9:24 AM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] strange log entries
> 
> http://www.ISAserver.org
> 
> I have one PC that is logging only IP address information on the ISA
> server.  See below
> 
> ClientIp      ClientUsername  DestHost                URI
> 174331110     ORANGE_FACT\tima        206.65.174.102
> http://206.65.174.102/us.yimg.com/a/1-/flash/promotions/yahoo/
> 051006/70i
> lt.gif
> 
> Every other PC is logging the FQDN for desthost and in the URL.  Has
> anyone seen this before?  I checked and the user is going to the FQDN
> not the IP address in the browser.  Oh they are setup as 
> Firewall Client
> and WebProxy client.
> 
> Tim
> 
> 
> 
> 
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion 
> List as: tshinder@xxxxxxxxxxxxxxxxxx
> To unsubscribe visit 
> http://www.webelists.com/cgi/lyris.pl?enter=isalist
> Report abuse to listadmin@xxxxxxxxxxxxx
> 
> 

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
tim.altena@xxxxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx

Other related posts:

• » strange log entries
• » RE: strange log entries
• » RE: strange log entries

1. Home
2. isalist
3. Archive
4. 10-2005

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---