Loopback address
|
Logged in as: Guest
|
|
Users viewing this topic:
none
|
|
Login  | |
|
Loopback address - 15.Sep.2008 7:36:42 AM
|
|
|
podhav
Posts: 2
Joined: 15.Sep.2008
Status: offline
|
When monitoring active connections, it keeps displaying huge downloads to address 127.0.0.1 on the ISA2006 server and particularly from adobe.com? Even an attempt to blacklist this domain fails to prevent these downloads. I also tried adding the adobe domain in the hosts file on ISA but that also does not work. It seems to throttle the bandwidth as every conceivable pdf & exe file from adobe is been downloaded. When stopping the download manually it just keeps persistently re-appearing!!
This is extremely frustrating. Please help.
|
|
|
|
RE: Loopback address - 15.Sep.2008 11:04:39 AM
|
|
|
podhav
Posts: 2
Joined: 15.Sep.2008
Status: offline
|
JustMe
Adobe Reader is NOT installed ISA - we did ensure this before installation of ISA2006. Whilst it is possible that clients could have Adobe installer trying to update - why are pdf and exe files that a totally unrelated to a "normal" ADOBE update are being downloaded?
I decided after much frustration re-installed GFI and after completely uninstalling, it now reports the following and no longer downloads from ADOBE but now from various sites?
unauthenticated
127.0.0.1
9382
x Receiving real filetype:html
http://groups.google.co.za/groups/dir?hl=en&sel=topic%3D46479.46478
unauthenticated
127.0.0.1
32726
x Receiving real filetype:html
http://groups.google.co.za/groups/dir?hl=en&sel=topic%3D46406.46400
This is extremely baffling. I contacted GFI in South Africa and they were not helpful at all. All they could say was that it is a ISA2006 issue and to make matters worse, they do not know enough of ISA2006 to help me! I am not impressed with GFI as I thought they built GFI for ISA, yet they do not understand how ISA functions?
They did advise that I change the integrated access on the internal network configuration to enable authentication to fix the unauthenticated bit you see above. This just aggravated matters as users had a logon dialog box appear each time they accessed via ISA for mail or internet - users became extremely frustrated and in any event this did not fix our issue of downloads attack to 127.0.0.1. All that this fixed is we were able to see the DOMAIN\usernames!
Somehow I believe the bug is in GFI ver 4 & by installing this monitoring tool - actually slows down the network through these possible DNS/HTTP attacks on the loopback address of 127.0.0.1. We have confirmed through CA's Anti-Virus that there is no virus evident. Perhaps is it is domain users traffic but why then does GFI report traffic from the loopback address of 127.0.0.1?
Can anybody advise how this issue can be escalated to the GFI designers.
|
|
|
|
|
RE: Loopback address - 15.Sep.2008 8:34:27 PM
|
|
|
spidermouse
Posts: 60
Joined: 27.Jul.2006
Status: offline
|
my guess at what's happeniung is this:
the users in your domain have adove installed and the software set to update automatically. When they update, the GFI plugin will download their requests to 127.0.0.1 first before scanning the content and then providing the users with a download-link to the ISA server (remember, that link will direct to a folder on the ISA Server, not the Adobe website).
If you trust the Adobe websites, then you should be able to configure a policy in Webmonitor that will pass through the content directly to the users, therefore no longer stuffing your ISA Server with all the files.
Alternatively, if this scenario does not apply, then you can escalate to the GFI designers through the GFI Support team, as long as you have a maintenance contract. However, for them to take this case to a higher level, you will probably need to be able to demonstrate that the problem is directly linked with the installation of the GFI plugin, and that the problem disappears when the plugin is disabled in ISA Server.
_____________________________
Regards,
Spidermouse
----------------------------------------------------------
Mythbusters - busting myths since 1972...
|
|
|
|
 New Messages |
 No New Messages |
 Hot Topic w/ New Messages |
 Hot Topic w/o New Messages |
 Locked w/ New Messages |
 Locked w/o New Messages |
|
 Post New Thread
Reply to Message
Post New Poll
Submit Vote
Delete My Own Post
Delete My Own Thread
Rate Posts |
|
|
Printable Version
) is at work here. I have seen some of these things here as well. If so, try going to c:\program files\common\files\adobe and manually start the Adobe Updater. Go to the settings and set them to never check. Maybe it helps...