I'm having problems with unwanted attempts of accessing our network. I've attached a screenshot of the SurfControl Real-time Monitor. Its all the red ones that concern me. I assume that they would be using bandwidth that at the moment I can't afford to loose.
Does anyone have any suggestions?
That looks like someone in your network "acw\iusr_mercury" is trying to access hotmail and its blocked. Try education your user that hotmail is blocked ??
\iusr_[computername] is used by IIS for anonymous serving.
You could check the computer 'acw' for malware? If someone from outside your network is requesting pages from the IIS server and it is causing you problems you should block their IP. If someone internally is requesting Hotmail, then it is being blocked as it should by Surf Control. You can also look at the user rights to each directory on the server.
Livio.net » Setting NTFS Folder Permissions for IUSR account
Surf Control has been taken over by Websense so you may want to migrate over.
Web Security, Internet Filtering and Internet Security Software - Websense, Inc.
Last edited by somabc; 13th October 2008 at 12:27 AM.
Acw is the domain, not the computer. The computer is Mercury which is our exchange server. Changing to Websense is not an option at the moment as the decision was made from district office that we stay with SurfControl for one more year while they look into the possibility of a WAN type solution (don't ask as I have no idea).
For the record there was no-one on the network when this happens. This is what I'm trying to work out.
Does your exchange use OWA?
Do you have a frontend exchange in the DMZ?
Yes we use OWA, and nop we don't have a frontend OWA in a DMZ. I don't have the resources to do this at the moment.
Are you running any email scanning software integrated into exchange that could be attempting to scan links or embedded images.
On the plus side if the filter is blocking it then it is not makeing it out to the internet and wasting your bandwidth, it will be adding lots of wasted cycles to your firewall server though.
Edit: just a thought but what account is your smtp service running under, could it be generating the hits to hotmail as it is teh MX servers that it is hitting. Surfcontroll is not limited to just http and will monitor and restrict other protocols that are pushed through it like smtp traffic. Have you tested that your users can send to hotmail/checked the queues in Exchange SM or SEF
Last edited by SYNACK; 13th October 2008 at 06:16 PM. Reason: added +1 bright idea :)
From the looks of it (not used SurfControl) it looks a lot like someone has tried to send an email to a Hotmail user but your Exchange server cannot deliver it (thus the multiple queries to different servers, it can DNS but not connect)
As we dont have Exchange (yet) I cant say how you would find this out.
There are currently 1 users browsing this thread. (0 members and 1 guests)
Posting Permissions
LinkBack URL
About LinkBacks