OH BOY - NEED SOME HELP!

TheMSsForum.com: The Microsoft Software Forum

Can any one tell me what this looks like? Are you thinking what I am
thinking? Any thoughts are appreciated?
ENVIROMENT
SERVER:NT 4.0 6A
PROXY 2.0
Exhange 5.5 SP4
Antigen Virus Software

Here is a snapshot from a PF proxy log. I have changed the internal and
gateway ip addresses for security reasons. Just imaging tat 111.111.111.11
is the internal address of the NT server in question, and 100.100.100.10 is
internet gateway address. I am seeing this occur periodically. Also, our
proxy suddenly crashes, and brings down all the services, thus preventing any
Internet Access. I have to start the services again. My servers have all MS
Updates.

11/2/04, 3:21:37, 111.111.111.11, 198.41.0.4, Udp, 53, 53, -, 0,
100.100.100.10, -, -,
11/2/04, 3:21:37, 111.111.111.11, 198.41.0.4, Udp, 53, 53, -, 0,
100.100.100.10, -, -,
11/2/04, 3:21:38, 111.111.111.11, 128.9.0.107, Udp, 53, 53, -, 0,
100.100.100.10, -, -,
11/2/04, 3:21:38, 111.111.111.11, 128.9.0.107, Udp, 53, 53, -, 0,
100.100.100.10, -, -,
11/2/04, 3:21:39, 111.111.111.11, 198.41.0.4, Udp, 53, 53, -, 0,
100.100.100.10, -, -,
11/2/04, 3:21:39, 111.111.111.11, 128.9.0.107, Udp, 53, 53, -, 0,
100.100.100.10, -, -,
11/2/04, 3:21:41, 111.111.111.11, 128.9.0.107, Udp, 53, 53, -, 0,
100.100.100.10, -, -,
11/2/04, 3:21:41, 111.111.111.11, 192.33.4.12, Udp, 53, 53, -, 0,
100.100.100.10, -, -,
11/2/04, 3:21:41, 111.111.111.11, 192.33.4.12, Udp, 53, 53, -, 0,
100.100.100.10, -, -,
11/2/04, 3:21:42, 111.111.111.11, 192.33.4.12, Udp, 53, 53, -, 0,
100.100.100.10, -, -,
11/2/04, 3:21:43, 111.111.111.11, 198.41.0.4, Udp, 53, 53, -, 0,
100.100.100.10, -, -,
11/2/04, 3:21:44, 111.111.111.11, 192.33.4.12, Udp, 53, 53, -, 0,
100.100.100.10, -, -,
11/2/04, 3:21:44, 111.111.111.11, 128.8.10.90, Udp, 53, 53, -, 0,
100.100.100.10, -, -,
11/2/04, 3:21:44, 111.111.111.11, 128.8.10.90, Udp, 53, 53, -, 0,
100.100.100.10, -, -,
11/2/04, 3:21:45, 111.111.111.11, 128.8.10.90, Udp, 53, 53, -, 0,
100.100.100.10, -, -,
11/2/04, 3:21:45, 111.111.111.11, 128.9.0.107, Udp, 53, 53, -, 0,
100.100.100.10, -, -,
11/2/04, 3:21:47, 111.111.111.11, 128.8.10.90, Udp, 53, 53, -, 0,
100.100.100.10, -, -,
11/2/04, 3:21:47, 111.111.111.11, 192.203.230.10, Udp, 53, 53, -, 0,
100.100.100.10, -, -,
11/2/04, 3:21:47, 111.111.111.11, 192.203.230.10, Udp, 53, 53, -, 0,
100.100.100.10, -, -,
11/2/04, 3:21:48, 111.111.111.11, 192.203.230.10, Udp, 53, 53, -, 0,
100.100.100.10, -, -,
11/2/04, 3:21:48, 111.111.111.11, 192.33.4.12, Udp, 53, 53, -, 0,
100.100.100.10, -, -,
11/2/04, 3:21:50, 111.111.111.11, 192.203.230.10, Udp, 53, 53, -, 0,
100.100.100.10, -, -,
11/2/04, 3:21:50, 111.111.111.11, 39.13.229.241, Udp, 53, 53, -, 0,
100.100.100.10, -, -,
11/2/04, 3:21:50, 111.111.111.11, 39.13.229.241, Udp, 53, 53, -, 0,
100.100.100.10, -, -,
11/2/04, 3:21:51, 111.111.111.11, 39.13.229.241, Udp, 53, 53, -, 0,
100.100.100.10, -, -,
11/2/04, 3:21:51, 111.111.111.11, 128.8.10.90, Udp, 53, 53, -, 0,
100.100.100.10, -, -,
11/2/04, 3:21:53, 111.111.111.11, 39.13.229.241, Udp, 53, 53, -, 0,
100.100.100.10, -, -,
11/2/04, 3:21:53, 111.111.111.11, 192.112.36.4, Udp, 53, 53, -, 0,
100.100.100.10, -, -,
11/2/04, 3:21:54, 111.111.111.11, 192.112.36.4, Udp, 53, 53, -, 0,
100.100.100.10, -, -,
11/2/04, 3:21:54, 111.111.111.11, 192.203.230.10, Udp, 53, 53, -, 0,
100.100.100.10, -, -,
11/2/04, 3:21:56, 111.111.111.11, 192.112.36.4, Udp, 53, 53, -, 0,
100.100.100.10, -, -,
11/2/04, 3:21:56, 111.111.111.11, 128.63.2.53, Udp, 53, 53, -, 0,
100.100.100.10, -, -,
11/2/04, 3:21:56, 111.111.111.11, 128.63.2.53, Udp, 53, 53, -, 0,
100.100.100.10, -, -,
11/2/04, 3:21:57, 111.111.111.11, 128.63.2.53, Udp, 53, 53, -, 0,
100.100.100.10, -, -,
11/2/04, 3:21:57, 111.111.111.11, 39.13.229.241, Udp, 53, 53, -, 0,
100.100.100.10, -, -,
11/2/04, 3:21:59, 111.111.111.11, 128.63.2.53, Udp, 53, 53, -, 0,
100.100.100.10, -, -,
11/2/04, 3:21:59, 111.111.111.11, 192.36.148.17, Udp, 53, 53, -, 0,
100.100.100.10, -, -,
11/2/04, 3:21:59, 111.111.111.11, 192.36.148.17, Udp, 53, 53, -, 0,
100.100.100.10, -, -,
11/2/04, 3:22:00, 111.111.111.11, 192.36.148.17, Udp, 53, 53, -, 0,
100.100.100.10, -, -,
11/2/04, 3:22:00, 111.111.111.11, 192.112.36.4, Udp, 53, 53, -, 0,
100.100.100.10, -, -,
11/2/04, 3:22:02, 111.111.111.11, 192.36.148.17, Udp, 53, 53, -, 0,
100.100.100.10, -, -,
11/2/04, 3:22:03, 111.111.111.11, 128.63.2.53, Udp, 53, 53, -, 0,
100.100.100.10, -, -,
11/2/04, 3:22:06, 111.111.111.11, 192.36.148.17, Udp, 53, 53, -, 0,
100.100.100.10, -, -,
11/2/04, 3:24:37, 111.111.111.11, 198.41.0.4, Udp, 53, 53, -, 0,
100.100.100.10, -, -,
11/2/04, 3:24:38, 111.111.111.11, 198.41.0.4, Udp, 53, 53, -, 0,
100.100.100.10, -, -,
11/2/04, 3:24:39, 111.111.111.11, 128.9.0.107, Udp, 53, 53, -, 0,
100.100.100.10, -, -,
11/2/04, 3:24:40, 111.111.111.11, 198.41.0.4, Udp, 53, 53, -, 0,
100.100.100.10, -, -,
11/2/04, 3:24:40, 111.111.111.11, 128.9.0.107, Udp, 53, 53, -, 0,
100.100.100.10, -, -,
11/2/04, 3:24:42, 111.111.111.11, 192.33.4.12, Udp, 53, 53, -, 0,
100.100.100.10, -, -,
11/2/04, 3:24:42, 111.111.111.11, 128.9.0.107, Udp, 53, 53, -, 0,
100.100.100.10, -, -,
11/2/04, 3:24:43, 111.111.111.11, 192.33.4.12, Udp, 53, 53, -, 0,
100.100.100.10, -, -,
11/2/04, 3:24:44, 111.111.111.11, 198.41.0.4, Udp, 53, 53, -, 0,
100.100.100.10, -, -,
11/2/04, 3:24:45, 111.111.111.11, 128.8.10.90, Udp, 53, 53, -, 0,
100.100.100.10, -, -,
11/2/04, 3:24:45, 111.111.111.11, 192.33.4.12, Udp, 53, 53, -, 0,
100.100.100.10, -, -,
11/2/04, 3:24:46, 111.111.111.11, 128.8.10.90, Udp, 53, 53, -, 0,
100.100.100.10, -, -,
11/2/04, 3:24:46, 111.111.111.11, 128.9.0.107, Udp, 53, 53, -, 0,
100.100.100.10, -, -,
11/2/04, 3:24:48, 111.111.111.11, 192.203.230.10, Udp, 53, 53, -, 0,
100.100.100.10, -, -,
11/2/04, 3:24:48, 111.111.111.11, 128.8.10.90, Udp, 53, 53, -, 0,
100.100.100.10, -, -,
11/2/04, 3:24:49, 111.111.111.11, 192.203.230.10, Udp, 53, 53, -, 0,
100.100.100.10, -, -,
11/2/04, 3:24:49, 111.111.111.11, 192.33.4.12, Udp, 53, 53, -, 0,
100.100.100.10, -, -,
11/2/04, 3:24:51, 111.111.111.11, 39.13.229.241, Udp, 53, 53, -, 0,
100.100.100.10, -, -,
11/2/04, 3:24:51, 111.111.111.11, 192.203.230.10, Udp, 53, 53, -, 0,
100.100.100.10, -, -,
11/2/04, 3:24:52, 111.111.111.11, 39.13.229.241, Udp, 53, 53, -, 0,
100.100.100.10, -, -,
11/2/04, 3:24:52, 111.111.111.11, 128.8.10.90, Udp, 53, 53, -, 0,
100.100.100.10, -, -,
11/2/04, 3:24:54, 111.111.111.11, 192.112.36.4, Udp, 53, 53, -, 0,
100.100.100.10, -, -,
11/2/04, 3:24:54, 111.111.111.11, 39.13.229.241, Udp, 53, 53, -, 0,
100.100.100.10, -, -,
11/2/04, 3:24:55, 111.111.111.11, 192.112.36.4, Udp, 53, 53, -, 0,
100.100.100.10, -, -,
11/2/04, 3:24:55, 111.111.111.11, 192.203.230.10, Udp, 53, 53, -, 0,
100.100.100.10, -, -,
11/2/04, 3:24:57, 111.111.111.11, 128.63.2.53, Udp, 53, 53, -, 0,
100.100.100.10, -, -,
11/2/04, 3:24:57, 111.111.111.11, 192.112.36.4, Udp, 53, 53, -, 0,
100.100.100.10, -, -,
11/2/04, 3:24:58, 111.111.111.11, 128.63.2.53, Udp, 53, 53, -, 0,
100.100.100.10, -, -,
11/2/04, 3:24:58, 111.111.111.11, 39.13.229.241, Udp, 53, 53, -, 0,
100.100.100.10, -, -,
11/2/04, 3:25:00, 111.111.111.11, 192.36.148.17, Udp, 53, 53, -, 0,
100.100.100.10, -, -,
11/2/04, 3:25:00, 111.111.111.11, 128.63.2.53, Udp, 53, 53, -, 0,
100.100.100.10, -, -,
11/2/04, 3:25:01, 111.111.111.11, 192.36.148.17, Udp, 53, 53, -, 0,
100.100.100.10, -, -,
11/2/04, 3:25:01, 111.111.111.11, 192.112.36.4, Udp, 53, 53, -, 0,
100.100.100.10, -, -,
11/2/04, 3:25:03, 111.111.111.11, 192.36.148.17, Udp, 53, 53, -, 0,
100.100.100.10, -, -,
11/2/04, 3:25:04, 111.111.111.11, 128.63.2.53, Udp, 53, 53, -, 0,
100.100.100.10, -, -,
11/2/04, 3:25:07, 111.111.111.11, 192.36.148.17, Udp, 53, 53, -, 0,
100.100.100.10, -, -,
Top

Re: OH BOY - NEED SOME HELP! by Lionel

Lionel
Tue Nov 09 15:37:36 CST 2004

"BEEF_WELLINGTON" <BEEFWELLINGTON@discussions.microsoft.com> a écrit dans le
message de news: C8130E52-6CA6-4C60-A750-8CCF2DB46A7F@microsoft.com...
> Can any one tell me what this looks like? Are you thinking what I am
> thinking? Any thoughts are appreciated?

And what exactly are you thinking? Port 53 is DNS, so your (lengthy) log is
just showing some DNS requests. If you are blocking them, it could be a
source of problems.

If you want more answers, you should probably ask more precise questions
(and choose a more precise subject).

Top

Re: OH BOY - NEED SOME HELP! by Tom

Tom
Tue Nov 09 18:14:52 CST 2004

Okay, just what *are* you thinking?

Tom
"BEEF_WELLINGTON" <BEEFWELLINGTON@discussions.microsoft.com> wrote in
message news:C8130E52-6CA6-4C60-A750-8CCF2DB46A7F@microsoft.com...
| Can any one tell me what this looks like? Are you thinking what I am
| thinking? Any thoughts are appreciated?
| ENVIROMENT
| SERVER:NT 4.0 6A
| PROXY 2.0
| Exhange 5.5 SP4
| Antigen Virus Software
|
| Here is a snapshot from a PF proxy log. I have changed the internal and
| gateway ip addresses for security reasons. Just imaging tat
111.111.111.11
| is the internal address of the NT server in question, and 100.100.100.10
is
| internet gateway address. I am seeing this occur periodically. Also, our
| proxy suddenly crashes, and brings down all the services, thus preventing
any
| Internet Access. I have to start the services again. My servers have all
MS
| Updates.
|
| 11/2/04, 3:21:37, 111.111.111.11, 198.41.0.4, Udp, 53, 53, -, 0,
| 100.100.100.10, -, -,
| 11/2/04, 3:21:37, 111.111.111.11, 198.41.0.4, Udp, 53, 53, -, 0,
| 100.100.100.10, -, -,
| 11/2/04, 3:21:38, 111.111.111.11, 128.9.0.107, Udp, 53, 53, -, 0,
| 100.100.100.10, -, -,
| 11/2/04, 3:21:38, 111.111.111.11, 128.9.0.107, Udp, 53, 53, -, 0,
| 100.100.100.10, -, -,
| 11/2/04, 3:21:39, 111.111.111.11, 198.41.0.4, Udp, 53, 53, -, 0,
| 100.100.100.10, -, -,
| 11/2/04, 3:21:39, 111.111.111.11, 128.9.0.107, Udp, 53, 53, -, 0,
| 100.100.100.10, -, -,
| 11/2/04, 3:21:41, 111.111.111.11, 128.9.0.107, Udp, 53, 53, -, 0,
| 100.100.100.10, -, -,
| 11/2/04, 3:21:41, 111.111.111.11, 192.33.4.12, Udp, 53, 53, -, 0,
| 100.100.100.10, -, -,
| 11/2/04, 3:21:41, 111.111.111.11, 192.33.4.12, Udp, 53, 53, -, 0,
| 100.100.100.10, -, -,
| 11/2/04, 3:21:42, 111.111.111.11, 192.33.4.12, Udp, 53, 53, -, 0,
| 100.100.100.10, -, -,
| 11/2/04, 3:21:43, 111.111.111.11, 198.41.0.4, Udp, 53, 53, -, 0,
| 100.100.100.10, -, -,
| 11/2/04, 3:21:44, 111.111.111.11, 192.33.4.12, Udp, 53, 53, -, 0,
| 100.100.100.10, -, -,
| 11/2/04, 3:21:44, 111.111.111.11, 128.8.10.90, Udp, 53, 53, -, 0,
| 100.100.100.10, -, -,
| 11/2/04, 3:21:44, 111.111.111.11, 128.8.10.90, Udp, 53, 53, -, 0,
| 100.100.100.10, -, -,
| 11/2/04, 3:21:45, 111.111.111.11, 128.8.10.90, Udp, 53, 53, -, 0,
| 100.100.100.10, -, -,
| 11/2/04, 3:21:45, 111.111.111.11, 128.9.0.107, Udp, 53, 53, -, 0,
| 100.100.100.10, -, -,
| 11/2/04, 3:21:47, 111.111.111.11, 128.8.10.90, Udp, 53, 53, -, 0,
| 100.100.100.10, -, -,
| 11/2/04, 3:21:47, 111.111.111.11, 192.203.230.10, Udp, 53, 53, -, 0,
| 100.100.100.10, -, -,
| 11/2/04, 3:21:47, 111.111.111.11, 192.203.230.10, Udp, 53, 53, -, 0,
| 100.100.100.10, -, -,
| 11/2/04, 3:21:48, 111.111.111.11, 192.203.230.10, Udp, 53, 53, -, 0,
| 100.100.100.10, -, -,
| 11/2/04, 3:21:48, 111.111.111.11, 192.33.4.12, Udp, 53, 53, -, 0,
| 100.100.100.10, -, -,
| 11/2/04, 3:21:50, 111.111.111.11, 192.203.230.10, Udp, 53, 53, -, 0,
| 100.100.100.10, -, -,
| 11/2/04, 3:21:50, 111.111.111.11, 39.13.229.241, Udp, 53, 53, -, 0,
| 100.100.100.10, -, -,
| 11/2/04, 3:21:50, 111.111.111.11, 39.13.229.241, Udp, 53, 53, -, 0,
| 100.100.100.10, -, -,
| 11/2/04, 3:21:51, 111.111.111.11, 39.13.229.241, Udp, 53, 53, -, 0,
| 100.100.100.10, -, -,
| 11/2/04, 3:21:51, 111.111.111.11, 128.8.10.90, Udp, 53, 53, -, 0,
| 100.100.100.10, -, -,
| 11/2/04, 3:21:53, 111.111.111.11, 39.13.229.241, Udp, 53, 53, -, 0,
| 100.100.100.10, -, -,
| 11/2/04, 3:21:53, 111.111.111.11, 192.112.36.4, Udp, 53, 53, -, 0,
| 100.100.100.10, -, -,
| 11/2/04, 3:21:54, 111.111.111.11, 192.112.36.4, Udp, 53, 53, -, 0,
| 100.100.100.10, -, -,
| 11/2/04, 3:21:54, 111.111.111.11, 192.203.230.10, Udp, 53, 53, -, 0,
| 100.100.100.10, -, -,
| 11/2/04, 3:21:56, 111.111.111.11, 192.112.36.4, Udp, 53, 53, -, 0,
| 100.100.100.10, -, -,
| 11/2/04, 3:21:56, 111.111.111.11, 128.63.2.53, Udp, 53, 53, -, 0,
| 100.100.100.10, -, -,
| 11/2/04, 3:21:56, 111.111.111.11, 128.63.2.53, Udp, 53, 53, -, 0,
| 100.100.100.10, -, -,
| 11/2/04, 3:21:57, 111.111.111.11, 128.63.2.53, Udp, 53, 53, -, 0,
| 100.100.100.10, -, -,
| 11/2/04, 3:21:57, 111.111.111.11, 39.13.229.241, Udp, 53, 53, -, 0,
| 100.100.100.10, -, -,
| 11/2/04, 3:21:59, 111.111.111.11, 128.63.2.53, Udp, 53, 53, -, 0,
| 100.100.100.10, -, -,
| 11/2/04, 3:21:59, 111.111.111.11, 192.36.148.17, Udp, 53, 53, -, 0,
| 100.100.100.10, -, -,
| 11/2/04, 3:21:59, 111.111.111.11, 192.36.148.17, Udp, 53, 53, -, 0,
| 100.100.100.10, -, -,
| 11/2/04, 3:22:00, 111.111.111.11, 192.36.148.17, Udp, 53, 53, -, 0,
| 100.100.100.10, -, -,
| 11/2/04, 3:22:00, 111.111.111.11, 192.112.36.4, Udp, 53, 53, -, 0,
| 100.100.100.10, -, -,
| 11/2/04, 3:22:02, 111.111.111.11, 192.36.148.17, Udp, 53, 53, -, 0,
| 100.100.100.10, -, -,
| 11/2/04, 3:22:03, 111.111.111.11, 128.63.2.53, Udp, 53, 53, -, 0,
| 100.100.100.10, -, -,
| 11/2/04, 3:22:06, 111.111.111.11, 192.36.148.17, Udp, 53, 53, -, 0,
| 100.100.100.10, -, -,
| 11/2/04, 3:24:37, 111.111.111.11, 198.41.0.4, Udp, 53, 53, -, 0,
| 100.100.100.10, -, -,
| 11/2/04, 3:24:38, 111.111.111.11, 198.41.0.4, Udp, 53, 53, -, 0,
| 100.100.100.10, -, -,
| 11/2/04, 3:24:39, 111.111.111.11, 128.9.0.107, Udp, 53, 53, -, 0,
| 100.100.100.10, -, -,
| 11/2/04, 3:24:40, 111.111.111.11, 198.41.0.4, Udp, 53, 53, -, 0,
| 100.100.100.10, -, -,
| 11/2/04, 3:24:40, 111.111.111.11, 128.9.0.107, Udp, 53, 53, -, 0,
| 100.100.100.10, -, -,
| 11/2/04, 3:24:42, 111.111.111.11, 192.33.4.12, Udp, 53, 53, -, 0,
| 100.100.100.10, -, -,
| 11/2/04, 3:24:42, 111.111.111.11, 128.9.0.107, Udp, 53, 53, -, 0,
| 100.100.100.10, -, -,
| 11/2/04, 3:24:43, 111.111.111.11, 192.33.4.12, Udp, 53, 53, -, 0,
| 100.100.100.10, -, -,
| 11/2/04, 3:24:44, 111.111.111.11, 198.41.0.4, Udp, 53, 53, -, 0,
| 100.100.100.10, -, -,
| 11/2/04, 3:24:45, 111.111.111.11, 128.8.10.90, Udp, 53, 53, -, 0,
| 100.100.100.10, -, -,
| 11/2/04, 3:24:45, 111.111.111.11, 192.33.4.12, Udp, 53, 53, -, 0,
| 100.100.100.10, -, -,
| 11/2/04, 3:24:46, 111.111.111.11, 128.8.10.90, Udp, 53, 53, -, 0,
| 100.100.100.10, -, -,
| 11/2/04, 3:24:46, 111.111.111.11, 128.9.0.107, Udp, 53, 53, -, 0,
| 100.100.100.10, -, -,
| 11/2/04, 3:24:48, 111.111.111.11, 192.203.230.10, Udp, 53, 53, -, 0,
| 100.100.100.10, -, -,
| 11/2/04, 3:24:48, 111.111.111.11, 128.8.10.90, Udp, 53, 53, -, 0,
| 100.100.100.10, -, -,
| 11/2/04, 3:24:49, 111.111.111.11, 192.203.230.10, Udp, 53, 53, -, 0,
| 100.100.100.10, -, -,
| 11/2/04, 3:24:49, 111.111.111.11, 192.33.4.12, Udp, 53, 53, -, 0,
| 100.100.100.10, -, -,
| 11/2/04, 3:24:51, 111.111.111.11, 39.13.229.241, Udp, 53, 53, -, 0,
| 100.100.100.10, -, -,
| 11/2/04, 3:24:51, 111.111.111.11, 192.203.230.10, Udp, 53, 53, -, 0,
| 100.100.100.10, -, -,
| 11/2/04, 3:24:52, 111.111.111.11, 39.13.229.241, Udp, 53, 53, -, 0,
| 100.100.100.10, -, -,
| 11/2/04, 3:24:52, 111.111.111.11, 128.8.10.90, Udp, 53, 53, -, 0,
| 100.100.100.10, -, -,
| 11/2/04, 3:24:54, 111.111.111.11, 192.112.36.4, Udp, 53, 53, -, 0,
| 100.100.100.10, -, -,
| 11/2/04, 3:24:54, 111.111.111.11, 39.13.229.241, Udp, 53, 53, -, 0,
| 100.100.100.10, -, -,
| 11/2/04, 3:24:55, 111.111.111.11, 192.112.36.4, Udp, 53, 53, -, 0,
| 100.100.100.10, -, -,
| 11/2/04, 3:24:55, 111.111.111.11, 192.203.230.10, Udp, 53, 53, -, 0,
| 100.100.100.10, -, -,
| 11/2/04, 3:24:57, 111.111.111.11, 128.63.2.53, Udp, 53, 53, -, 0,
| 100.100.100.10, -, -,
| 11/2/04, 3:24:57, 111.111.111.11, 192.112.36.4, Udp, 53, 53, -, 0,
| 100.100.100.10, -, -,
| 11/2/04, 3:24:58, 111.111.111.11, 128.63.2.53, Udp, 53, 53, -, 0,
| 100.100.100.10, -, -,
| 11/2/04, 3:24:58, 111.111.111.11, 39.13.229.241, Udp, 53, 53, -, 0,
| 100.100.100.10, -, -,
| 11/2/04, 3:25:00, 111.111.111.11, 192.36.148.17, Udp, 53, 53, -, 0,
| 100.100.100.10, -, -,
| 11/2/04, 3:25:00, 111.111.111.11, 128.63.2.53, Udp, 53, 53, -, 0,
| 100.100.100.10, -, -,
| 11/2/04, 3:25:01, 111.111.111.11, 192.36.148.17, Udp, 53, 53, -, 0,
| 100.100.100.10, -, -,
| 11/2/04, 3:25:01, 111.111.111.11, 192.112.36.4, Udp, 53, 53, -, 0,
| 100.100.100.10, -, -,
| 11/2/04, 3:25:03, 111.111.111.11, 192.36.148.17, Udp, 53, 53, -, 0,
| 100.100.100.10, -, -,
| 11/2/04, 3:25:04, 111.111.111.11, 128.63.2.53, Udp, 53, 53, -, 0,
| 100.100.100.10, -, -,
| 11/2/04, 3:25:07, 111.111.111.11, 192.36.148.17, Udp, 53, 53, -, 0,
| 100.100.100.10, -, -,
|


Top

Re: OH BOY - NEED SOME HELP! by Karl

Karl
Wed Nov 10 01:19:43 CST 2004

You need to call Microsoft for some competent proxy-related tech support.
Start by checking your Windows event logs on your proxy server and doing
standard Windows maintenance and diagnostics, like running a full scandisk
and defrag, making sure you have all Windows patches installed, etc. Ignore
the logs you've posted, they're meaningless without some additional info.


"BEEF_WELLINGTON" <BEEFWELLINGTON@discussions.microsoft.com> wrote in
message news:C8130E52-6CA6-4C60-A750-8CCF2DB46A7F@microsoft.com...
> Can any one tell me what this looks like? Are you thinking what I am
> thinking? Any thoughts are appreciated?
> ENVIROMENT
> SERVER:NT 4.0 6A
> PROXY 2.0
> Exhange 5.5 SP4
> Antigen Virus Software
>
> Here is a snapshot from a PF proxy log. I have changed the internal and
> gateway ip addresses for security reasons. Just imaging tat
111.111.111.11
> is the internal address of the NT server in question, and 100.100.100.10
is
> internet gateway address. I am seeing this occur periodically. Also, our
> proxy suddenly crashes, and brings down all the services, thus preventing
any
> Internet Access. I have to start the services again. My servers have all
MS
> Updates.
>
> 11/2/04, 3:21:37, 111.111.111.11, 198.41.0.4, Udp, 53, 53, -, 0,
> 100.100.100.10, -, -,
> 11/2/04, 3:21:37, 111.111.111.11, 198.41.0.4, Udp, 53, 53, -, 0,
> 100.100.100.10, -, -,
> 11/2/04, 3:21:38, 111.111.111.11, 128.9.0.107, Udp, 53, 53, -, 0,
> 100.100.100.10, -, -,
> 11/2/04, 3:21:38, 111.111.111.11, 128.9.0.107, Udp, 53, 53, -, 0,
> 100.100.100.10, -, -,
> 11/2/04, 3:21:39, 111.111.111.11, 198.41.0.4, Udp, 53, 53, -, 0,
> 100.100.100.10, -, -,
> 11/2/04, 3:21:39, 111.111.111.11, 128.9.0.107, Udp, 53, 53, -, 0,
> 100.100.100.10, -, -,
> 11/2/04, 3:21:41, 111.111.111.11, 128.9.0.107, Udp, 53, 53, -, 0,
> 100.100.100.10, -, -,
> 11/2/04, 3:21:41, 111.111.111.11, 192.33.4.12, Udp, 53, 53, -, 0,
> 100.100.100.10, -, -,
> 11/2/04, 3:21:41, 111.111.111.11, 192.33.4.12, Udp, 53, 53, -, 0,
> 100.100.100.10, -, -,
> 11/2/04, 3:21:42, 111.111.111.11, 192.33.4.12, Udp, 53, 53, -, 0,
> 100.100.100.10, -, -,
> 11/2/04, 3:21:43, 111.111.111.11, 198.41.0.4, Udp, 53, 53, -, 0,
> 100.100.100.10, -, -,
> 11/2/04, 3:21:44, 111.111.111.11, 192.33.4.12, Udp, 53, 53, -, 0,
> 100.100.100.10, -, -,
> 11/2/04, 3:21:44, 111.111.111.11, 128.8.10.90, Udp, 53, 53, -, 0,
> 100.100.100.10, -, -,
> 11/2/04, 3:21:44, 111.111.111.11, 128.8.10.90, Udp, 53, 53, -, 0,
> 100.100.100.10, -, -,
> 11/2/04, 3:21:45, 111.111.111.11, 128.8.10.90, Udp, 53, 53, -, 0,
> 100.100.100.10, -, -,
> 11/2/04, 3:21:45, 111.111.111.11, 128.9.0.107, Udp, 53, 53, -, 0,
> 100.100.100.10, -, -,
> 11/2/04, 3:21:47, 111.111.111.11, 128.8.10.90, Udp, 53, 53, -, 0,
> 100.100.100.10, -, -,
> 11/2/04, 3:21:47, 111.111.111.11, 192.203.230.10, Udp, 53, 53, -, 0,
> 100.100.100.10, -, -,
> 11/2/04, 3:21:47, 111.111.111.11, 192.203.230.10, Udp, 53, 53, -, 0,
> 100.100.100.10, -, -,
> 11/2/04, 3:21:48, 111.111.111.11, 192.203.230.10, Udp, 53, 53, -, 0,
> 100.100.100.10, -, -,
> 11/2/04, 3:21:48, 111.111.111.11, 192.33.4.12, Udp, 53, 53, -, 0,
> 100.100.100.10, -, -,
> 11/2/04, 3:21:50, 111.111.111.11, 192.203.230.10, Udp, 53, 53, -, 0,
> 100.100.100.10, -, -,
> 11/2/04, 3:21:50, 111.111.111.11, 39.13.229.241, Udp, 53, 53, -, 0,
> 100.100.100.10, -, -,
> 11/2/04, 3:21:50, 111.111.111.11, 39.13.229.241, Udp, 53, 53, -, 0,
> 100.100.100.10, -, -,
> 11/2/04, 3:21:51, 111.111.111.11, 39.13.229.241, Udp, 53, 53, -, 0,
> 100.100.100.10, -, -,
> 11/2/04, 3:21:51, 111.111.111.11, 128.8.10.90, Udp, 53, 53, -, 0,
> 100.100.100.10, -, -,
> 11/2/04, 3:21:53, 111.111.111.11, 39.13.229.241, Udp, 53, 53, -, 0,
> 100.100.100.10, -, -,
> 11/2/04, 3:21:53, 111.111.111.11, 192.112.36.4, Udp, 53, 53, -, 0,
> 100.100.100.10, -, -,
> 11/2/04, 3:21:54, 111.111.111.11, 192.112.36.4, Udp, 53, 53, -, 0,
> 100.100.100.10, -, -,
> 11/2/04, 3:21:54, 111.111.111.11, 192.203.230.10, Udp, 53, 53, -, 0,
> 100.100.100.10, -, -,
> 11/2/04, 3:21:56, 111.111.111.11, 192.112.36.4, Udp, 53, 53, -, 0,
> 100.100.100.10, -, -,
> 11/2/04, 3:21:56, 111.111.111.11, 128.63.2.53, Udp, 53, 53, -, 0,
> 100.100.100.10, -, -,
> 11/2/04, 3:21:56, 111.111.111.11, 128.63.2.53, Udp, 53, 53, -, 0,
> 100.100.100.10, -, -,
> 11/2/04, 3:21:57, 111.111.111.11, 128.63.2.53, Udp, 53, 53, -, 0,
> 100.100.100.10, -, -,
> 11/2/04, 3:21:57, 111.111.111.11, 39.13.229.241, Udp, 53, 53, -, 0,
> 100.100.100.10, -, -,
> 11/2/04, 3:21:59, 111.111.111.11, 128.63.2.53, Udp, 53, 53, -, 0,
> 100.100.100.10, -, -,
> 11/2/04, 3:21:59, 111.111.111.11, 192.36.148.17, Udp, 53, 53, -, 0,
> 100.100.100.10, -, -,
> 11/2/04, 3:21:59, 111.111.111.11, 192.36.148.17, Udp, 53, 53, -, 0,
> 100.100.100.10, -, -,
> 11/2/04, 3:22:00, 111.111.111.11, 192.36.148.17, Udp, 53, 53, -, 0,
> 100.100.100.10, -, -,
> 11/2/04, 3:22:00, 111.111.111.11, 192.112.36.4, Udp, 53, 53, -, 0,
> 100.100.100.10, -, -,
> 11/2/04, 3:22:02, 111.111.111.11, 192.36.148.17, Udp, 53, 53, -, 0,
> 100.100.100.10, -, -,
> 11/2/04, 3:22:03, 111.111.111.11, 128.63.2.53, Udp, 53, 53, -, 0,
> 100.100.100.10, -, -,
> 11/2/04, 3:22:06, 111.111.111.11, 192.36.148.17, Udp, 53, 53, -, 0,
> 100.100.100.10, -, -,
> 11/2/04, 3:24:37, 111.111.111.11, 198.41.0.4, Udp, 53, 53, -, 0,
> 100.100.100.10, -, -,
> 11/2/04, 3:24:38, 111.111.111.11, 198.41.0.4, Udp, 53, 53, -, 0,
> 100.100.100.10, -, -,
> 11/2/04, 3:24:39, 111.111.111.11, 128.9.0.107, Udp, 53, 53, -, 0,
> 100.100.100.10, -, -,
> 11/2/04, 3:24:40, 111.111.111.11, 198.41.0.4, Udp, 53, 53, -, 0,
> 100.100.100.10, -, -,
> 11/2/04, 3:24:40, 111.111.111.11, 128.9.0.107, Udp, 53, 53, -, 0,
> 100.100.100.10, -, -,
> 11/2/04, 3:24:42, 111.111.111.11, 192.33.4.12, Udp, 53, 53, -, 0,
> 100.100.100.10, -, -,
> 11/2/04, 3:24:42, 111.111.111.11, 128.9.0.107, Udp, 53, 53, -, 0,
> 100.100.100.10, -, -,
> 11/2/04, 3:24:43, 111.111.111.11, 192.33.4.12, Udp, 53, 53, -, 0,
> 100.100.100.10, -, -,
> 11/2/04, 3:24:44, 111.111.111.11, 198.41.0.4, Udp, 53, 53, -, 0,
> 100.100.100.10, -, -,
> 11/2/04, 3:24:45, 111.111.111.11, 128.8.10.90, Udp, 53, 53, -, 0,
> 100.100.100.10, -, -,
> 11/2/04, 3:24:45, 111.111.111.11, 192.33.4.12, Udp, 53, 53, -, 0,
> 100.100.100.10, -, -,
> 11/2/04, 3:24:46, 111.111.111.11, 128.8.10.90, Udp, 53, 53, -, 0,
> 100.100.100.10, -, -,
> 11/2/04, 3:24:46, 111.111.111.11, 128.9.0.107, Udp, 53, 53, -, 0,
> 100.100.100.10, -, -,
> 11/2/04, 3:24:48, 111.111.111.11, 192.203.230.10, Udp, 53, 53, -, 0,
> 100.100.100.10, -, -,
> 11/2/04, 3:24:48, 111.111.111.11, 128.8.10.90, Udp, 53, 53, -, 0,
> 100.100.100.10, -, -,
> 11/2/04, 3:24:49, 111.111.111.11, 192.203.230.10, Udp, 53, 53, -, 0,
> 100.100.100.10, -, -,
> 11/2/04, 3:24:49, 111.111.111.11, 192.33.4.12, Udp, 53, 53, -, 0,
> 100.100.100.10, -, -,
> 11/2/04, 3:24:51, 111.111.111.11, 39.13.229.241, Udp, 53, 53, -, 0,
> 100.100.100.10, -, -,
> 11/2/04, 3:24:51, 111.111.111.11, 192.203.230.10, Udp, 53, 53, -, 0,
> 100.100.100.10, -, -,
> 11/2/04, 3:24:52, 111.111.111.11, 39.13.229.241, Udp, 53, 53, -, 0,
> 100.100.100.10, -, -,
> 11/2/04, 3:24:52, 111.111.111.11, 128.8.10.90, Udp, 53, 53, -, 0,
> 100.100.100.10, -, -,
> 11/2/04, 3:24:54, 111.111.111.11, 192.112.36.4, Udp, 53, 53, -, 0,
> 100.100.100.10, -, -,
> 11/2/04, 3:24:54, 111.111.111.11, 39.13.229.241, Udp, 53, 53, -, 0,
> 100.100.100.10, -, -,
> 11/2/04, 3:24:55, 111.111.111.11, 192.112.36.4, Udp, 53, 53, -, 0,
> 100.100.100.10, -, -,
> 11/2/04, 3:24:55, 111.111.111.11, 192.203.230.10, Udp, 53, 53, -, 0,
> 100.100.100.10, -, -,
> 11/2/04, 3:24:57, 111.111.111.11, 128.63.2.53, Udp, 53, 53, -, 0,
> 100.100.100.10, -, -,
> 11/2/04, 3:24:57, 111.111.111.11, 192.112.36.4, Udp, 53, 53, -, 0,
> 100.100.100.10, -, -,
> 11/2/04, 3:24:58, 111.111.111.11, 128.63.2.53, Udp, 53, 53, -, 0,
> 100.100.100.10, -, -,
> 11/2/04, 3:24:58, 111.111.111.11, 39.13.229.241, Udp, 53, 53, -, 0,
> 100.100.100.10, -, -,
> 11/2/04, 3:25:00, 111.111.111.11, 192.36.148.17, Udp, 53, 53, -, 0,
> 100.100.100.10, -, -,
> 11/2/04, 3:25:00, 111.111.111.11, 128.63.2.53, Udp, 53, 53, -, 0,
> 100.100.100.10, -, -,
> 11/2/04, 3:25:01, 111.111.111.11, 192.36.148.17, Udp, 53, 53, -, 0,
> 100.100.100.10, -, -,
> 11/2/04, 3:25:01, 111.111.111.11, 192.112.36.4, Udp, 53, 53, -, 0,
> 100.100.100.10, -, -,
> 11/2/04, 3:25:03, 111.111.111.11, 192.36.148.17, Udp, 53, 53, -, 0,
> 100.100.100.10, -, -,
> 11/2/04, 3:25:04, 111.111.111.11, 128.63.2.53, Udp, 53, 53, -, 0,
> 100.100.100.10, -, -,
> 11/2/04, 3:25:07, 111.111.111.11, 192.36.148.17, Udp, 53, 53, -, 0,
> 100.100.100.10, -, -,
>


Top

Re: OH BOY - NEED SOME HELP! by Vanguard

Vanguard
Wed Nov 10 01:20:44 CST 2004

"BEEF_WELLINGTON" <BEEFWELLINGTON@discussions.microsoft.com> wrote in
message news:C8130E52-6CA6-4C60-A750-8CCF2DB46A7F@microsoft.com...
> Can any one tell me what this looks like? Are you thinking what I am
> thinking? Any thoughts are appreciated?
> ENVIROMENT
> SERVER:NT 4.0 6A
> PROXY 2.0
> Exhange 5.5 SP4
> Antigen Virus Software
>
> Here is a snapshot from a PF proxy log. I have changed the internal
> and
> gateway ip addresses for security reasons. Just imaging tat
> 111.111.111.11
> is the internal address of the NT server in question, and
> 100.100.100.10 is
> internet gateway address. I am seeing this occur periodically. Also,
> our
> proxy suddenly crashes, and brings down all the services, thus
> preventing any
> Internet Access. I have to start the services again. My servers have
> all MS
> Updates.
>
> 11/2/04, 3:21:37, 111.111.111.11, 198.41.0.4, Udp, 53, 53, -, 0,
> 100.100.100.10, -, -,
> 11/2/04, 3:21:37, 111.111.111.11, 198.41.0.4, Udp, 53, 53, -, 0,
> 100.100.100.10, -, -,

<snip>

You mean those dumb users haven't memorized the IP addresses for all of
your internal hosts and for every Internet site? They are so brain dead
as to still use human-readable IP *names* (that require a DNS lookup)?
Boy, that's weird that they haven't memorized, for example,
198.175.96.33 instead of using www.intel.com.

Sorry, although I can read minds, yours is way too scrambled to get a
good reading (hmm, I'm getting this collage of images of you in a field
rolling yourself into a blanket of dough and with amorous geese chasing
cows ... oh, that's your moniker, sorry). So, no, we don't know what
you are thinking because YOU NEVER TOLD US. Duh!

Top