0

I have have a small network (20 users) running ISA Server 2000 under Windows Server 2003. Although I'm no security experty, I feel I have a good understanding of ISA Server. To my knowledge, anonymous outbound access is disabled, although this doesn't mean that something may be configured incorrectly. Here's my question:

  1. Why would there be unknown (anonymous) IPs listed under client sessions? None of the IPs belong to the network. A WhoIs lookup shows countries of origin such as China, Canada, and Latin America. I can't imagine this being a good thing.

  2. What would the benefit be for someone to connect (or piggy-back) one's network, assuming that's the case?

Any insight would be greatly appreciated!

2 Answers2

1

All IP addresses on the internet are constantly scanned for vulnerabilities. ISA counts any connection as a client session. So, these IP addresses are from external sources scanning your IP address for ways into your network.

How to fix? Install a firewall or otherwise gateway your server so that it does not have a public IP address. You can also 'whitelist' incoming ip addresses depending on how you use your server.

Dave Drager
  • 8,375
  • 29
  • 45
0
  1. These could be incoming connections hitting your inbound packet filters / publishing rules. Do you have any inbound access allowed? ISA would see them as clients.
  2. Assuming #1 is the case, especially with the origins you're coming up with, it's most likely someone snooping around.
squillman
  • 37,883
  • 12
  • 92
  • 146