Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Security-Basics
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: Help me

from [Andrew Shore] Network Security [Permanent Link]
Subject: RE: Help me
Date: Thu, 24 Feb 2005 22:47:02 -0000 
Is your ISA server just logging www & ftp access?

By default ISA will only log what it is proxying not what is passing
through.


Don't forget mail access.

The missing 40 gig would account for our mail traffic.

Also are you allowing p2p?

HTH 

Andy

-----Original Message-----
From: Tran Nguyen Vu [mailto:tran.vunguyen@gmail.com] 
Sent: 21 February 2005 11:20
To: security-basics@securityfocus.com
Subject: Help me



Dear all,
I have a problem and i dont know how to explain.
Last month, my ISP give our company a report about the capacity download
and upload, It was about 47GB.
The problem is my isa server has logged at about 7GB data down/upload.
When I asked them explain this great unequal capacity they said that
although My isa firewall prevented almost requests from the untrust
network (so this request was not included in capacity logfile and only
7GB was allowed),their server logged all requests to my router and
firewall from the other local Loop  . It mean, there are 40GB data of
requests that  not except (attack, scan ping ...) in a month.
So I make some caculation, every second, there are 16035 byte attack (I
call "attack" because I was not allowed. 
Everybody help me explain this situation. I know, A request does not
have big capacity and my ISA server was not logged any attack!

Please help me. (sorry because of my english!)
Thanks in advance.
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: What could this icmp mean?, Pablo Moore
Next by Date:  RE: What could this icmp mean?, Andrew Shore
Previous by Thread:  Re: Help me, Mitchell Rowton
Next by Thread:  encrypted data honeypots and IDS, John Galt
Indexes:  [Date] [Thread] [Top] [All Lists]