flashlightlens
Newly Enlightened
I'm trying to deal with Qwest in working out some speed issues with our T1 internet line. They seem to think we have a virus that is saturating the line with port 80 requests.
Here's a little background:
Of the past two times we've had issues with our internet line, it's been because of Qwest's edge router going down.
We have about 200 workstations all set up to use an http proxy server for their web traffic. The setting was added to each using the "Internet Options" dialog.
Qwest says that they see a whole bunch of traffic on port 80 coming from one machine. No Sh*&! That's my proxy server. Of course they'll see a bunch of traffic from there. The 200 workstations will send ALL of their legitimate port 80 browser traffic there.
Here's my question:
Will a virus that sends port 80 requests use my proxy server? Does setting the proxy settings in Internet Options affect ALL port 80 traffic from that machine? Or does it only affect traffic sent through a browser? Will a virus that sends out port 80 requests know to use that proxy setting, or will it bypass it?
Personally, I think we're just stressing out our T1 and we need to add a second. I look at every log available to me and only see legitimate traffic. Usually, a virus that sends out requests on port 80, 135, etc. will stick out like a sore thumb. I just don't see it!
Here's a little background:
Of the past two times we've had issues with our internet line, it's been because of Qwest's edge router going down.
We have about 200 workstations all set up to use an http proxy server for their web traffic. The setting was added to each using the "Internet Options" dialog.
Qwest says that they see a whole bunch of traffic on port 80 coming from one machine. No Sh*&! That's my proxy server. Of course they'll see a bunch of traffic from there. The 200 workstations will send ALL of their legitimate port 80 browser traffic there.
Here's my question:
Will a virus that sends port 80 requests use my proxy server? Does setting the proxy settings in Internet Options affect ALL port 80 traffic from that machine? Or does it only affect traffic sent through a browser? Will a virus that sends out port 80 requests know to use that proxy setting, or will it bypass it?
Personally, I think we're just stressing out our T1 and we need to add a second. I look at every log available to me and only see legitimate traffic. Usually, a virus that sends out requests on port 80, 135, etc. will stick out like a sore thumb. I just don't see it!