Sensibilium
Programmer
Hi,
I am running ISA Server 2000 on a Small Business Server 2000 installation.
My problem seems to be that my Packet Filter Logfiles have disappeared and/or are not being produced. Logging is enabled on Packet Filters, and was working correctly when I checked it last (possibly many moons ago).
Now, after having a quick look at netstat -a I find this somewhat disconcerting entry:
Could this possibly be a sign of intrusion? If so, is it likely that this intrusion is being covered up (by the intruder) by deleting all my Packet Filter logs?
Also how can I get rid of this potential intruder? My packet filters are little more than 'All outbound services enabled', and 'VPN Incoming Enabled', nothing else.
Ahdkaw
I am running ISA Server 2000 on a Small Business Server 2000 installation.
My problem seems to be that my Packet Filter Logfiles have disappeared and/or are not being produced. Logging is enabled on Packet Filters, and was working correctly when I checked it last (possibly many moons ago).
Now, after having a quick look at netstat -a I find this somewhat disconcerting entry:
Code:
TCP bigmamma:33979 clj20-117.dial-up.arnes.si:32090 ESTABLISHED
Could this possibly be a sign of intrusion? If so, is it likely that this intrusion is being covered up (by the intruder) by deleting all my Packet Filter logs?
Also how can I get rid of this potential intruder? My packet filters are little more than 'All outbound services enabled', and 'VPN Incoming Enabled', nothing else.
Ahdkaw