Microsoft Windows Vista Community Forums - Vistaheads
Recommended Download



Welcome to the Microsoft Windows Vista Community Forums - Vistaheads, YOUR Largest Resource for Windows Vista related information.

You are currently viewing our boards as a guest which gives you limited access to view most discussions and access our other features. By joining our free community you will have access to post topics, communicate privately with other members (PM), respond to polls, upload content and access many other special features. Registration is fast, simple and absolutely free so , join our community today!

If you have any problems with the registration process or your account login, please contact us.

Driver Scanner

Another reportign qurestion about one or two IP addresses

microsoft.public.security.forefront






Speedup My PC
Reply
  #1 (permalink)  
Old 04-22-2009
msnews.microsoft.com
 

Posts: n/a
Another reportign qurestion about one or two IP addresses
When I run the staandard report query inside TMG Foreftont, I can pick
monthly or daily. When I get to the top websites section, the top 6 are in
Amsterdam (I'm sure its a nice country but we don't do a lot of business
with them). Is there any way to query the logs to find out who is going
there? The logs are all in option #1 format (SQL Server Express 2005 ).

Thanks!

Arch



Reply With Quote
Sponsored Links
  #2 (permalink)  
Old 04-22-2009
Phillip Windell
 

Posts: n/a
Re: Another reportign qurestion about one or two IP addresses
Use the monitoring log to filter the logs to show only entries with one of
the particular IP# destiantions in Amsterdam. Then look at the Client IP#
on the log entry.

Because of all the "shady" activity in that part of the World,...it is most
likely the result of some kind of infection (spyware, adware, scareware,
viruses,..take your pick). It could be a simple as some kind of Tool Bar in
the browser that some user was "con'ed" into adding to their browser that
"runs home to momma" once ever few minutes. It could also be Add banners
that are seen in a common website,..after all those ads are not *really* on
the same web server as the site,...they are just linked in from wherever
they are at.


--
Phillip Windell
www.wandtv.com

The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------
Technet Library
ISA2004
http://technet.microsoft.com/en-us/l...chNet.10).aspx
ISA2006
http://technet.microsoft.com/en-us/l...chNet.10).aspx

Understanding the ISA 2004 Access Rule Processing
http://www.isaserver.org/articles/IS...cessRules.html

Troubleshooting Client Authentication on Access Rules in ISA Server 2004
http://download.microsoft.com/downlo...7/ts_rules.doc

Microsoft Internet Security & Acceleration Server: Partners
http://www.microsoft.com/isaserver/p...s/default.mspx

Microsoft ISA Server Partners: Partner Hardware Solutions
http://www.microsoft.com/forefront/e...epartners.mspx
-----------------------------------------------------


"msnews.microsoft.com" <Arch@tuparks.com> wrote in message
news:O1%23ppS3wJHA.956@TK2MSFTNGP03.phx.gbl...
> When I run the staandard report query inside TMG Foreftont, I can pick
> monthly or daily. When I get to the top websites section, the top 6 are in
> Amsterdam (I'm sure its a nice country but we don't do a lot of business
> with them). Is there any way to query the logs to find out who is going
> there? The logs are all in option #1 format (SQL Server Express 2005 ).
>
> Thanks!
>
> Arch
>
>
>



Reply With Quote
  #3 (permalink)  
Old 04-23-2009
Arch Willingham
 

Posts: n/a
Re: Another reportign qurestion about one or two IP addresses
Well bust my booty...I had no idea that monitoring log woudl pull from
something besides what was happening right now! When I read your post, I
just found that you could change it from "live" to a previous time period.

Thanks so much for your help!

Arch



"Phillip Windell" <philwindell@hotmail.com> wrote in message
news:Oec7Wt3wJHA.4176@TK2MSFTNGP03.phx.gbl...
> Use the monitoring log to filter the logs to show only entries with one of
> the particular IP# destiantions in Amsterdam. Then look at the Client IP#
> on the log entry.
>
> Because of all the "shady" activity in that part of the World,...it is
> most likely the result of some kind of infection (spyware, adware,
> scareware, viruses,..take your pick). It could be a simple as some kind
> of Tool Bar in the browser that some user was "con'ed" into adding to
> their browser that "runs home to momma" once ever few minutes. It could
> also be Add banners that are seen in a common website,..after all those
> ads are not *really* on the same web server as the site,...they are just
> linked in from wherever they are at.
>
>
> --
> Phillip Windell
> www.wandtv.com
>
> The views expressed, are my own and not those of my employer, or
> Microsoft,
> or anyone else associated with me, including my cats.
> -----------------------------------------------------
> Technet Library
> ISA2004
> http://technet.microsoft.com/en-us/l...chNet.10).aspx
> ISA2006
> http://technet.microsoft.com/en-us/l...chNet.10).aspx
>
> Understanding the ISA 2004 Access Rule Processing
> http://www.isaserver.org/articles/IS...cessRules.html
>
> Troubleshooting Client Authentication on Access Rules in ISA Server 2004
> http://download.microsoft.com/downlo...7/ts_rules.doc
>
> Microsoft Internet Security & Acceleration Server: Partners
> http://www.microsoft.com/isaserver/p...s/default.mspx
>
> Microsoft ISA Server Partners: Partner Hardware Solutions
> http://www.microsoft.com/forefront/e...epartners.mspx
> -----------------------------------------------------
>
>
> "msnews.microsoft.com" <Arch@tuparks.com> wrote in message
> news:O1%23ppS3wJHA.956@TK2MSFTNGP03.phx.gbl...
>> When I run the staandard report query inside TMG Foreftont, I can pick
>> monthly or daily. When I get to the top websites section, the top 6 are
>> in Amsterdam (I'm sure its a nice country but we don't do a lot of
>> business with them). Is there any way to query the logs to find out who
>> is going there? The logs are all in option #1 format (SQL Server Express
>> 2005 ).
>>
>> Thanks!
>>
>> Arch
>>
>>
>>

>
>



Reply With Quote
  #4 (permalink)  
Old 04-23-2009
Tech-Mentor
 

Posts: n/a
Re: Another reportign qurestion about one or two IP addresses
Hello Arch,

You may want to try my freeware program made especially for that!
http://www2.tech-mentor.com/uwr

Alain Hogue
Reply With Quote
  #5 (permalink)  
Old 04-23-2009
Phillip Windell
 

Posts: n/a
Re: Another reportign qurestion about one or two IP addresses
"Arch Willingham" <arch@tuparks.com> wrote in message
news:egJhDk7wJHA.4980@TK2MSFTNGP02.phx.gbl...
> Well bust my booty...I had no idea that monitoring log woudl pull from
> something besides what was happening right now! When I read your post, I
> just found that you could change it from "live" to a previous time period.


Glad to be of help. :-)

But if you try to take to big a bite it will choke up trying to gather all
of it,..plus the output is limited to a certain number of lines and then it
will just stop, so you have to add other conditions to reduce the size of
the output.

--
Phillip Windell
www.wandtv.com

The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------


Reply With Quote
Reply


Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
how to get my addresses from XP Austenite microsoft.public.windows.vista.mail 1 03-01-2009 01:14
addresses egon maver microsoft.public.windows.vista.mail 0 12-07-2008 07:11
addresses Address microsoft.public.windows.vista.mail 0 09-09-2008 14:32
IP addresses DJT microsoft.public.windows.vista.networking sharing 2 04-20-2008 15:48
addresses Debbie microsoft.public.windows.vista.mail 1 07-02-2007 12:45




All times are GMT +1. The time now is 02:56.




Driver Scanner - Free Scan Now

Vistaheads.com is part of the Heads Network. See also XPHeads.com , Win7Heads.com and Win8Heads.com.


Design by Vjacheslav Trushkin for phpBBStyles.com.
Powered by vBulletin® Version 3.6.7
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Search Engine Optimization by vBSEO 3.6.0 RC 2

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120