Unoffical empeg BBS

Quick Links: Empeg FAQ | RioCar.Org | Hijack | BigDisk Builder | jEmplode | emphatic
Repairs: Repairs

Topic Options
#352806 - 25/06/2012 19:03 Netscreen?
Dignan
carpal tunnel

Registered: 08/03/2000
Posts: 12341
Loc: Sterling, VA
I recently started supporting a law firm. Normally, I tend to avoid supporting servers because they're not in my wheelhouse, but this firm has one and I'm helping them with it.

One of the only issues I haven't been able to figure out is one that'll probably be immediately obvious to you wise folk. One of the primary users on the network (one of the two attorneys in the firm) receives regular notices in Outlook in the form of "NetScreen Traffic Logs."

First, are these firewall reports? I can't really see any firewall software or hardware installed in the network. Should I be regularly checking these?

The main issue is that the user would like to stop receiving these, but I can't tell how they're being delivered to him. Here is an example of one of the lines from one of these reports, if it's at all helpful:

Quote:
[00017] 2012-06-23 16:09:27 [Root]system-notification-00257(traffic): start_time="2012-06-23 16:09:27" duration=0 policy_id=320001 service=proto:2/port:0 proto=2 src zone=Null dst zone=Null action=Deny sent=0 rcvd=40 src=192.168.101.11 dst=224.0.0.22


So what do I do here?
_________________________
Matt

Top
#352807 - 25/06/2012 19:12 Re: Netscreen? [Re: Dignan]
RobotCaleb
pooh-bah

Registered: 15/01/2002
Posts: 1866
Loc: Austin

Top
#352808 - 25/06/2012 19:19 Re: Netscreen? [Re: Dignan]
tonyc
carpal tunnel

Registered: 27/06/1999
Posts: 7058
Loc: Pittsburgh, PA
Easiest thing to do would be to do "view source" on the email message and follow the "Received" headers to see all the mail hops. The IP address in the last Received: header is probably the IP of the firewall that's emitting these messages.

To disable these particular messages:

http://kb.juniper.net/InfoCenter/index?page=content&id=KB6389
_________________________
- Tony C
my empeg stuff

Top
#352829 - 26/06/2012 01:38 Re: Netscreen? [Re: tonyc]
Dignan
carpal tunnel

Registered: 08/03/2000
Posts: 12341
Loc: Sterling, VA
Thanks guys. It looks like the firm has one of these somewhere in their network. I've inherited this patchwork system from an IT guy they fired, so I'm kind of flying blind here. I don't have a clue what the logins might be or how he has this thing configured. Oh well, more work for me!

Thanks again for the help.

Caleb, that link seems like it'll get me on track, though I don't understand it all yet...

Tony, I'll try to get that info and see about getting access to those admin screens. Thanks for the instructions, I think that'll do it if I'm able to get in.

Thanks to both of you.
_________________________
Matt

Top