[Intrusions] ISA Server external inbound firewall sessions

Mueller, Eric Eric.Mueller at atlanticare.org
Mon Mar 27 06:03:05 GMT 2006


I have noticed two public addresses occasionally connecting to the
firewall service externally from the internet. All internet addresses
should be passing through the proxy service, because all of our external
resources are using web publishing rules. Has anyone seen this? Is this
something I should worry about? I have tried running a packet trace but
was unsuccessful in capturing any traffic from these specific source
addresses, as I was not putting to much time into this. I wanted to make
sure I was not wasting my time observing something legit. It just did
not make any sense to me.

 

Thanks ahead of time!

 

Eric Mueller - GHTQ, GCWN, MCSE

Operating Systems Engineer II

AtlantiCare Information Technology

6725 Delilah Road, EHT

New Jersey, 08234



*******************************************
Confidentiality Notice: This e-mail message, including any attachments, from AtlantiCare contains information which is CONFIDENTIAL AND/OR LEGALLY PRIVILEGED. The information is intended only for the use of the individual named above and may not be disseminated to any other party without AtlantiCare's written permission. If you are not the intended recipient, or the employee or agent responsible for delivering the message to the intended recipient, you are hereby notified that any dissemination, disclosure, distribution, copying or taking of any action in reliance on the contents of this e-mailed information is strictly prohibited. 
If you have received this e-mail in error, please notify us immediately by telephone at 609 - 569 - 7070 or notify us by e-mail at Isecurity at Atlanticare.org to arrange for the return of these documents to us without cost to you.




More information about the Intrusions mailing list