Afternoon Everyone
Our Proxy 2 logs are showing some strange activity at times when there should be nobody logged on, never mind accessing the internet.
Logic suggests spyware or virus activity, although I am convinced we are clear of both.
Is there any way of tracing the source of these internet sessions? Only when authenticated users access via the proxy server do I get an IP Address logged.
Sample of log:
-, -, -, N, 5/28/2005, 3:41:49, 1, -, -, -, 80, 141, 1542, 172, http, tcp, -, -, VCache, 304, 18874368
-, -, -, N, 5/28/2005, 3:41:50, 1, -, -, 64.4.55.109, -, 80, 375, 961, 138, http, -, -, -, Inet, 200, 27262976
-, -, -, N, 5/28/2005, 3:41:50, 1, -, -, 64.4.55.109, -, 80, 391, 717, 140, http, tcp, -, -, Inet, 200, 27262976
-, -, -, N, 5/28/2005, 3:41:50, 1, -, -, 64.4.55.109, -, 80, 391, 572, 152, http, -, -, -, Inet, 200, 27262976
-, -, -, N, 5/28/2005, 3:41:50,
Thanks in advance
Paul