Packet Filter Logs Missing

Sensibilium · Aug 5, 2005

Hi,

I am running ISA Server 2000 on a Small Business Server 2000 installation.

My problem seems to be that my Packet Filter Logfiles have disappeared and/or are not being produced. Logging is enabled on Packet Filters, and was working correctly when I checked it last (possibly many moons ago).

Now, after having a quick look at netstat -a I find this somewhat disconcerting entry:

Code:

  TCP    bigmamma:33979         clj20-117.dial-up.arnes.si:32090  ESTABLISHED

Could this possibly be a sign of intrusion? If so, is it likely that this intrusion is being covered up (by the intruder) by deleting all my Packet Filter logs?

Also how can I get rid of this potential intruder? My packet filters are little more than 'All outbound services enabled', and 'VPN Incoming Enabled', nothing else.

Ahdkaw

http://www.sensibilium.com/

Sensibilium · Aug 9, 2005

It's okay, discovered it to be Skype with the help of TCPView and Filemon.

As for the Packet Filters, I've heard that you need two NIC's in the server for ISA to use the filters. I only have the one NIC installed.

Ahdkaw

http://www.sensibilium.com/

dput · Aug 9, 2005

No, you can do it with one NIC. They key is to isntall it in either Integrated or Firewall modes. If you use the proxy mode, you can't have rules. Most people use the Integrated mode.

Dan

Sensibilium · Aug 11, 2005

Strange that then, as it's setup in Integrated mode...

Ahdkaw

http://www.sensibilium.com/

Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Packet Filter Logs Missing

Sensibilium

Programmer

Sensibilium

Programmer

dput

IS-IT--Management

Sensibilium

Programmer

Similar threads

Part and Inventory Search

Sponsor