Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations Chriss Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Packet Filter Logs Missing

Status
Not open for further replies.

Sensibilium

Programmer
Apr 6, 2000
310
GB
Hi,

I am running ISA Server 2000 on a Small Business Server 2000 installation.

My problem seems to be that my Packet Filter Logfiles have disappeared and/or are not being produced. Logging is enabled on Packet Filters, and was working correctly when I checked it last (possibly many moons ago).

Now, after having a quick look at netstat -a I find this somewhat disconcerting entry:

Code:
  TCP    bigmamma:33979         clj20-117.dial-up.arnes.si:32090  ESTABLISHED

Could this possibly be a sign of intrusion? If so, is it likely that this intrusion is being covered up (by the intruder) by deleting all my Packet Filter logs?

Also how can I get rid of this potential intruder? My packet filters are little more than 'All outbound services enabled', and 'VPN Incoming Enabled', nothing else.

Ahdkaw
 
It's okay, discovered it to be Skype with the help of TCPView and Filemon.

As for the Packet Filters, I've heard that you need two NIC's in the server for ISA to use the filters. I only have the one NIC installed.

Ahdkaw
 
No, you can do it with one NIC. They key is to isntall it in either Integrated or Firewall modes. If you use the proxy mode, you can't have rules. Most people use the Integrated mode.

Dan
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top