Wireless Networks Thread, How do I stop this?? in Technical; I'm having problems with unwanted attempts of accessing our network. I've attached a screenshot of the SurfControl Real-time Monitor. Its ...
12th October 2008, 10:53 PM #1
How do I stop this??
I'm having problems with unwanted attempts of accessing our network. I've attached a screenshot of the SurfControl Real-time Monitor. Its all the red ones that concern me. I assume that they would be using bandwidth that at the moment I can't afford to loose.
Does anyone have any suggestions?
IDG Tech News
12th October 2008, 11:35 PM #2
That looks like someone in your network "acw\iusr_mercury" is trying to access hotmail and its blocked. Try education your user that hotmail is blocked ??
12th October 2008, 11:43 PM #3
\iusr_[computername] is used by IIS for anonymous serving.
You could check the computer 'acw' for malware? If someone from outside your network is requesting pages from the IIS server and it is causing you problems you should block their IP. If someone internally is requesting Hotmail, then it is being blocked as it should by Surf Control. You can also look at the user rights to each directory on the server.
Livio.net » Setting NTFS Folder Permissions for IUSR account
Surf Control has been taken over by Websense so you may want to migrate over.
Web Security, Internet Filtering and Internet Security Software - Websense, Inc.
Last edited by somabc; 13th October 2008 at 12:27 AM.
13th October 2008, 12:33 AM #4
Acw is the domain, not the computer. The computer is Mercury which is our exchange server. Changing to Websense is not an option at the moment as the decision was made from district office that we stay with SurfControl for one more year while they look into the possibility of a WAN type solution (don't ask as I have no idea).
For the record there was no-one on the network when this happens. This is what I'm trying to work out.
13th October 2008, 12:36 AM #5
Does your exchange use OWA?
Do you have a frontend exchange in the DMZ?
13th October 2008, 12:58 AM #6
Yes we use OWA, and nop we don't have a frontend OWA in a DMZ. I don't have the resources to do this at the moment.
13th October 2008, 06:11 PM #7
Are you running any email scanning software integrated into exchange that could be attempting to scan links or embedded images.
On the plus side if the filter is blocking it then it is not makeing it out to the internet and wasting your bandwidth, it will be adding lots of wasted cycles to your firewall server though.
Edit: just a thought but what account is your smtp service running under, could it be generating the hits to hotmail as it is teh MX servers that it is hitting. Surfcontroll is not limited to just http and will monitor and restrict other protocols that are pushed through it like smtp traffic. Have you tested that your users can send to hotmail/checked the queues in Exchange SM or SEF
Last edited by SYNACK; 13th October 2008 at 06:16 PM.
Reason: added +1 bright idea :)
13th October 2008, 09:15 PM #8
From the looks of it (not used SurfControl) it looks a lot like someone has tried to send an email to a Hotmail user but your Exchange server cannot deliver it (thus the multiple queries to different servers, it can DNS but not connect)
As we dont have Exchange (yet) I cant say how you would find this out.
By faza in forum Wireless Networks
Last Post: 11th April 2008, 11:02 AM
Last Post: 10th March 2008, 12:17 PM
By Jamie2000uk in forum Network and Classroom Management
Last Post: 24th January 2008, 10:19 PM
By tomlin in forum Windows
Last Post: 5th December 2007, 12:00 PM
By sidewinder in forum ICT KS3 SATS Tests
Last Post: 19th April 2007, 05:57 PM
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)