Results 1 to 6 of 6
  1. #1
    Master Untangler scot1967's Avatar
    Join Date
    Jan 2008
    Posts
    293

    Default Spyware Filter, Logged Subnet Access?

    Could someone clarify what I am seeing when I look at "Logged Subnet Access"? Does this mean I have PCs with spyware loaded or could it be that these PCs are hitting web sites with links to these subnets? I see mutiliple DNS resolutions requests from my internal DNS server and several hits to ports 80 and 443 in these suspect subnets.

    Great product!

    Thanks!

  2. #2
    Untangle Ninja Silver Bullet's Avatar
    Join Date
    Sep 2007
    Posts
    2,008

    Default

    Most likely this one.
    Quote Originally Posted by scot1967 View Post
    or could it be that these PCs are hitting web sites with links to these subnets?
    This reminds of a question I had before and never got around to asking. Not trying to hijack your thread, it just seems appropriate to add to your question here.

    Why can't we choose to block the list that makes up the Subnet List?

  3. #3
    mdh
    mdh is offline
    Untangle Ninja mdh's Avatar
    Join Date
    Aug 2007
    Posts
    4,786

    Default

    The subnets used to be exclusively owned by sites that are blocked by Spyware Blocker, and in some cases, still are. Blocks of IPs get sold here and there, so wholesale blocking would block legitimate sites as well. If I remember correctly, this subnet list will go away sometime in the future.

  4. #4
    Untangle Ninja Silver Bullet's Avatar
    Join Date
    Sep 2007
    Posts
    2,008

    Default

    Quote Originally Posted by mdh View Post
    The subnets used to be exclusively owned by sites that are blocked by Spyware Blocker, and in some cases, still are. Blocks of IPs get sold here and there, so wholesale blocking would block legitimate sites as well. If I remember correctly, this subnet list will go away sometime in the future.
    OK. That makes sense i guess.

  5. #5
    Master Untangler scot1967's Avatar
    Join Date
    Jan 2008
    Posts
    293

    Default Thanks

    That is what I thought. These are just http & https hits to web sites within a subnet that is being logged.

    I am not sure what good this is doing. How can these alerts be usefull? It might be better if there were a summary per user/machine. Then I could check machines that have a very high count compared with other machines accessing these suspect subnets. It would be nice to see something like a top 15 subnet accesses per machine. As it is now I only know the destinations and have a flat list of machine accesses based on time.

    Just my two cents...

    Thanks again.

  6. #6
    mdh
    mdh is offline
    Untangle Ninja mdh's Avatar
    Join Date
    Aug 2007
    Posts
    4,786

    Default

    Check detailed reports for Spyware Blocker. You may find what you need there.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

SEO by vBSEO 3.6.0 PL2