• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Strange Web Proxy forward traffic

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2004 Firewall] >> Firewall Client >> Strange Web Proxy forward traffic Page: [1]
Login
Message << Older Topic   Newer Topic >>
Strange Web Proxy forward traffic - 23.Jun.2010 10:12:58 PM   
richstaples

 

Posts: 2
Joined: 23.Jun.2010
Status: offline
I recently had issue with a virus on a client machine. This machine is using the ISA firewall client software and behind an ISA Server 2004. The client is XPSP3. I find tons of traffic similar to the following - none of which is initiated by a user. In my example I have substituted the actual Domain Name and the Client Host Name in the "User" section. This appears in the Client Username Column in the ISA Logging and always contains the "$" after the actual Hostname. I also replaced the source IP address with "#" for this post.

Log type: Web Proxy (Forward)
Status: 200 OK
Rule: Web Access Only
Source: Internal ( ###.##.#.###:0)
Destination: External (i104.panamamails.com 213.163.89.104:80)
Request: GET http://213.163.89.104/TvF4xsJp606xnjs3Y2xrPTEuNyZiaWQ9NjQ0OGI1Mjg0YWQxZWJlYzY3MmJjYTIxOGQzMjc5ODQ5ODIxOGFhMSZhaWQ9MTAwOTYmc2lkPTAmcmQ9MTI3NTkyNzc1NA==28x
Filter information: Req ID: 07373aaf
Protocol: http
User: DOMAINNAME\HOSTNAME$
Additional information
Client agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 1.0.3705; .NET CLR 2.0.50727; .NE...
Object source: Internet Processing time: 2875
Cache info: 0x400005 MIME type: -

I cannot find anything running on the client and virus scans show clean. A netstat reveals no abnormal connections. I cannot find the source.

Any help is appreciated.

_____________________________

Regards,
Rich
Post #: 1

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2004 Firewall] >> Firewall Client >> Strange Web Proxy forward traffic Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts