Results 1 to 3 of 3
  1. #1
    Untangler
    Join Date
    Dec 2008
    Posts
    98

    Default The same traffic apparently passing multiple racks

    I have multiple racks to allow different behavior for different users, and also time based policies. What I do is:

    192.168.1.160-169 always goes through a very unrestricted rack called "open".

    Any traffic to an internet entertainment organization goes through the unrestricted rack to bypass file/mime type filtering of the more restricted rack ("open").

    192.168.1.150-159 has two different time policies (racks), one for midnight to 6am which allows p2p and normally blocked file/mime types, and another for 11am to 3pm which allows only the normally blocked file/mime types.

    Then there's the "default" rack to catch 192.168.1.150-159 during the other (normal) hours

    Then there's a catch all blocked rack to catch people who got onto the network by breaking into the wireless network. The DHCP is set to give out 192.168.1.145-149 and that is routed to the blocked rack, firewall is set to block all.

    OK, all seems good right? But I have traffic in the 192.168.1.160-169 range ending up in the midnight to 6am rack even though that IP range shouldn't be ending up there ever. On top of that it's happening at 2pm. The 192.168.1.160-169 traffic appears to also be going through the proper "open" rack.

    Any ideas?

  2. #2
    Untangler
    Join Date
    Dec 2008
    Posts
    98

    Default Update

    Update: if you look at the screen shot of the midnight to 6am rack you'll see that it only handled 300 web requests which is appropriate for that time of night. But when I look at the events where I'm seeing all the traffic that shouldn't be there, there's tons of pages (more than 300 hits, more like 1250). So maybe the events data is just messed up.

  3. #3
    Untangler
    Join Date
    Dec 2008
    Posts
    98

    Default

    So is this a bug in the reporting?

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

SEO by vBSEO 3.6.0 PL2