• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Strange record in my ISA Server LOG! Hacker?

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2000 General] >> General >> Strange record in my ISA Server LOG! Hacker? Page: [1]
Login
Message << Older Topic   Newer Topic >>
Strange record in my ISA Server LOG! Hacker? - 15.Mar.2002 5:26:00 AM   
xadave

 

Posts: 21
Joined: 25.Oct.2001
Status: offline
Hi, I found some strange record in our ISA Server Web Proxy LOG, such as below:

202.38.245.249, anonymous, Mozilla/4.0 (compatible; MSIE 4.01; Windows 95), N, 3/15/2002, 0:11:50, W3ReverseProxy, PROXYSERVER, -, www.ebay.com, -, 0, 0, 149, 0, -, -, GET, http://www.ebay.com/, -, -, 12202, -, Default rule, -

The IP(202.38...) is not private IP of our LAN user! Does this mean that some hackers have attacked at our ISA Server and have controled it?
I am not clear about these records. Any help? Thanks.
David
Post #: 1
RE: Strange record in my ISA Server LOG! Hacker? - 15.Mar.2002 6:51:00 AM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi David,

That's pretty interesting, because someone sent a request to your Incoming Web Requests listener for www.ebay.com! I wonder how your ISA Server got associated with ebay? Probably some cache poisoning somewhere?

I'd keep an eye on it!

HTH,
Tom

(in reply to xadave)
Post #: 2
RE: Strange record in my ISA Server LOG! Hacker? - 17.Mar.2002 2:03:00 AM   
chzhed

 

Posts: 5
Joined: 11.Mar.2002
Status: offline
Yea, definately keep an eye on that... Here is the ownership info for the IP in that log:

inetnum: 202.38.192.0 - 202.38.255.255
netname: SCUT-CN
descr: 华南理工大学
descr: South China University of Technology
descr: Guangzhou, Guangdong 510641, China
country: CN
admin-c: LZ1-CN
tech-c: LZ1-CN
notify: dbmon@apnic.net
changed: hostmaster@apnic.net 19940908
source: APNIC

(in reply to xadave)
Post #: 3
RE: Strange record in my ISA Server LOG! Hacker? - 17.Mar.2002 5:43:00 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hey guys,

Looks like the person making the request was trying to use the server as an anonymous proxy, but it didn't work! [Big Grin]

HTH,
Tom

(in reply to xadave)
Post #: 4

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2000 General] >> General >> Strange record in my ISA Server LOG! Hacker? Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts