+ Post New Thread
Results 1 to 8 of 8
Wireless Networks Thread, How do I stop this?? in Technical; I'm having problems with unwanted attempts of accessing our network. I've attached a screenshot of the SurfControl Real-time Monitor. Its ...
  1. #1
    actech's Avatar
    Join Date
    Mar 2008
    Location
    Australia
    Posts
    198
    Thank Post
    50
    Thanked 20 Times in 17 Posts
    Rep Power
    16

    How do I stop this??

    I'm having problems with unwanted attempts of accessing our network. I've attached a screenshot of the SurfControl Real-time Monitor. Its all the red ones that concern me. I assume that they would be using bandwidth that at the moment I can't afford to loose.

    Does anyone have any suggestions?
    Attached Images Attached Images

  2. #2
    pooley's Avatar
    Join Date
    Sep 2005
    Location
    S Wales
    Posts
    1,128
    Thank Post
    77
    Thanked 118 Times in 99 Posts
    Rep Power
    66
    That looks like someone in your network "acw\iusr_mercury" is trying to access hotmail and its blocked. Try education your user that hotmail is blocked ??

  3. #3
    somabc's Avatar
    Join Date
    Oct 2007
    Location
    London
    Posts
    2,337
    Thank Post
    83
    Thanked 388 Times in 258 Posts
    Rep Power
    111
    \iusr_[computername] is used by IIS for anonymous serving.

    You could check the computer 'acw' for malware? If someone from outside your network is requesting pages from the IIS server and it is causing you problems you should block their IP. If someone internally is requesting Hotmail, then it is being blocked as it should by Surf Control. You can also look at the user rights to each directory on the server.

    Livio.net Setting NTFS Folder Permissions for IUSR account

    Surf Control has been taken over by Websense so you may want to migrate over.

    Web Security, Internet Filtering and Internet Security Software - Websense, Inc.
    Last edited by somabc; 13th October 2008 at 12:27 AM.

  4. #4
    actech's Avatar
    Join Date
    Mar 2008
    Location
    Australia
    Posts
    198
    Thank Post
    50
    Thanked 20 Times in 17 Posts
    Rep Power
    16
    Acw is the domain, not the computer. The computer is Mercury which is our exchange server. Changing to Websense is not an option at the moment as the decision was made from district office that we stay with SurfControl for one more year while they look into the possibility of a WAN type solution (don't ask as I have no idea).

    For the record there was no-one on the network when this happens. This is what I'm trying to work out.

  5. #5

    FN-GM's Avatar
    Join Date
    Jun 2007
    Location
    UK
    Posts
    15,755
    Thank Post
    825
    Thanked 1,662 Times in 1,447 Posts
    Blog Entries
    11
    Rep Power
    441
    Does your exchange use OWA?

    Do you have a frontend exchange in the DMZ?

  6. #6
    actech's Avatar
    Join Date
    Mar 2008
    Location
    Australia
    Posts
    198
    Thank Post
    50
    Thanked 20 Times in 17 Posts
    Rep Power
    16
    Yes we use OWA, and nop we don't have a frontend OWA in a DMZ. I don't have the resources to do this at the moment.

  7. #7

    SYNACK's Avatar
    Join Date
    Oct 2007
    Posts
    10,985
    Thank Post
    850
    Thanked 2,651 Times in 2,251 Posts
    Blog Entries
    9
    Rep Power
    763
    Are you running any email scanning software integrated into exchange that could be attempting to scan links or embedded images.

    On the plus side if the filter is blocking it then it is not makeing it out to the internet and wasting your bandwidth, it will be adding lots of wasted cycles to your firewall server though.

    Edit: just a thought but what account is your smtp service running under, could it be generating the hits to hotmail as it is teh MX servers that it is hitting. Surfcontroll is not limited to just http and will monitor and restrict other protocols that are pushed through it like smtp traffic. Have you tested that your users can send to hotmail/checked the queues in Exchange SM or SEF
    Last edited by SYNACK; 13th October 2008 at 06:16 PM. Reason: added +1 bright idea :)

  8. #8
    BaccyNet's Avatar
    Join Date
    Jun 2007
    Location
    Norfolk
    Posts
    309
    Thank Post
    7
    Thanked 15 Times in 15 Posts
    Rep Power
    17
    From the looks of it (not used SurfControl) it looks a lot like someone has tried to send an email to a Hotmail user but your Exchange server cannot deliver it (thus the multiple queries to different servers, it can DNS but not connect)

    As we dont have Exchange (yet) I cant say how you would find this out.

SHARE:
+ Post New Thread

Similar Threads

  1. STOP IT
    By faza in forum Wireless Networks
    Replies: 7
    Last Post: 11th April 2008, 11:02 AM
  2. Will The Disinformation Ever Stop?
    By Diello in forum BSF
    Replies: 45
    Last Post: 10th March 2008, 12:17 PM
  3. Stop
    By Jamie2000uk in forum Network and Classroom Management
    Replies: 3
    Last Post: 24th January 2008, 10:19 PM
  4. STOP UNC Connections
    By tomlin in forum Windows
    Replies: 8
    Last Post: 5th December 2007, 12:00 PM
  5. Could this be a reason to stop the tests?
    By sidewinder in forum ICT KS3 SATS Tests
    Replies: 7
    Last Post: 19th April 2007, 05:57 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •