I am receiving an Anonymous user log in ISA 2004 (SP3) on Windows 2003 (SP1) when a client (XP) uses Skype. Although that user has no access on certain rules, the log shows that he gains access under the user name ANONYMOUS.
I am facing a weird problem with ISA 2006. I created a rule to stop a specific site. I have a subnet of 30 PCs (192.168.0.10-192.168.0.40). All the PCs are configured as SecureNAT clients. This rule applied fine on all users and the access to this site was stopped. Only one user was able to access it through ISA. When querying the IP address of this user, the log shows 2 specific destination IP addresses that the requests go to. I stopped access to these 2 addresses and still the user was able to access this web site. The ipconfig utility on the user's machine shows the details of a VPN connection. Again I stopped all the VPN protocols on this user's rule and still he was able to access the site!!! Have you ever faced such a situation? Any hint will be so much appreciated.
Hi JDKN, Modify the access rule you have and allow only the HTTP protocol and see what you'll get. Make sure also that there is no other proxy on your subnet that the user can use to connect to the internet...
HTH,
Roy
_____________________________
Roy Haddad,M.Sc CCNA, MCSE 2003 Messaging & Security,C|EH www.foxminds.com
I allowed only the HTTP protocol on the user's rule. He was able to connect to the restricted site! When I denied him access, he couldn't go to any site... so I don't think he's using another proxy.... Waiting for your help!! Thanks
Hi, He's using HTTP tunneling, you have to apply the HTTP filter on his allow rule and stop this tunneling. If you have physical access to his computer you can search for the tool he's using to do this tunneling. I suggest you log his internet activity and post the log you obtain in this forum if you can.
HTH,
Roy
Ah, the arms race of using technology to solve social issues...
After you figure out a filter to stop the HTTP tunneling, the user will probably switch to HTTPS (which ISA can't inspect, unless you install an add-on).
I'm as big a fan as anyone of locking down outbound internet access, but it sounds like you have a technically savvy user who is trying repeatedly to beat the system. It strikes me as an issue that might be best solved by HR and not IT.
Hi,
I'd say there are things we can control and there are some we can't.
If this guy's machine is a member of a managed domain, just create an OU, drop his username in it, create a policy for him and review (read DENY) his rights to install and tweak his machine.
Uninstall his unwanted apps and slap him with an Internet Usage Policy with disciplinary repercussions if violated (this is where HR comes in, after you are in charge).
He may be good, but I would want to see him wiggle through such.
A cat with unkempt fur is not by any means a lion!!!!!
Am still in combat with my fellow. I logged his activity, nothing seems to be unusual. Protocol used HTTP; port 80; destination some real IPs; the rule that allows him access is the special rule I created for him, which is among the first of the ISA rules. Do I have to use some 3rd party tools such as SurfControl or Websense to stop him? I think that the ISA HTTP filter isn't that powerful a filter!!
You have to know what you want from your HTTP filter to see the ISA HTTP filter's capabilities!!! Concerning your colleague, start by denying him access to the properties of his network connections and ensure that there are no other connections than his Local Area Connection set up! Ensure also that he's a domain user and don't make him a local admin on his machine!
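An added example, not part of any post in this thread: the log described above looks ordinary field by field (HTTP, port 80, real destination IPs), so this script groups requests per client and destination and flags flows that combine several tunnel-like traits. The tab-separated layout, the thresholds, and the sample records are assumptions constructed for illustration, not ISA's own log export format.

```python
import ipaddress
import statistics
from collections import defaultdict

# Constructed sample records (not real ISA output). Assumed tab-separated
# layout, all port-80 HTTP: epoch_seconds, client_ip, method, dest_host
SAMPLE_LOG = """\
1000\t192.168.0.23\tPOST\t203.0.113.7
1005\t192.168.0.23\tPOST\t203.0.113.7
1010\t192.168.0.23\tPOST\t203.0.113.7
1015\t192.168.0.23\tPOST\t203.0.113.7
1020\t192.168.0.23\tPOST\t203.0.113.7
1000\t192.168.0.15\tGET\twww.example.com
1003\t192.168.0.15\tGET\twww.example.com
1040\t192.168.0.15\tGET\twww.example.com
1041\t192.168.0.15\tGET\twww.example.com
1100\t192.168.0.15\tGET\twww.example.com
1050\t192.168.0.31\tGET\t198.51.100.9
"""

def is_ip_literal(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def tunnel_suspects(log_text, min_requests=5, max_jitter=2.0):
    """Return {(client, dest): [reasons]} for flows showing 2+ tunnel traits."""
    flows = defaultdict(list)
    for line in log_text.splitlines():
        ts, client, method, host = line.split("\t")
        flows[(client, host)].append((int(ts), method.upper()))
    suspects = {}
    for (client, host), reqs in flows.items():
        if len(reqs) < min_requests:
            continue  # too few requests to judge the flow
        reqs.sort()
        reasons = ["bare-IP destination"] if is_ip_literal(host) else []
        if sum(m == "POST" for _, m in reqs) / len(reqs) >= 0.8:
            reasons.append("POST-dominated")
        gaps = [b[0] - a[0] for a, b in zip(reqs, reqs[1:])]
        if statistics.pstdev(gaps) <= max_jitter:  # near-constant polling
            reasons.append("fixed-interval polling")
        if len(reasons) >= 2:
            suspects[(client, host)] = reasons
    return suspects
```

These traits are heuristics: a hit marks a flow worth inspecting more closely, not proof of tunneling.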
HTH,
Roy