Is your ISA server just logging www & ftp access?
By default ISA will only log what it is proxying not what is passing
through.
Don't forget mail access.
The missing 40 gig would account for our mail traffic.
Also are you allowing p2p?
HTH
Andy
-----Original Message-----
From: Tran Nguyen Vu [mailto:tran.vunguyen_at_gmail.com]
Sent: 21 February 2005 11:20
To: security-basics_at_securityfocus.com
Subject: Help me
Dear all,
I have a problem and i dont know how to explain.
Last month, my ISP give our company a report about the capacity download
and upload, It was about 47GB.
The problem is my isa server has logged at about 7GB data down/upload.
When I asked them explain this great unequal capacity they said that
although My isa firewall prevented almost requests from the untrust
network (so this request was not included in capacity logfile and only
7GB was allowed),their server logged all requests to my router and
firewall from the other local Loop . It mean, there are 40GB data of
requests that not except (attack, scan ping ...) in a month.
So I make some caculation, every second, there are 16035 byte attack (I
call "attack" because I was not allowed.
Everybody help me explain this situation. I know, A request does not
have big capacity and my ISA server was not logged any attack!
Please help me. (sorry because of my english!)
Thanks in advance.
Received on Mar 01 2005
Intro
