Re: Firewall(s) "maxed" out

["Johann G. Hautzinger" <trema () eic at>]

Joseph S D Yao wrote:
> > During the past two days, both of these firewalls became "maxed" out, for
> > lack of a better term.  Specifically, both machines had reached their
> > maxtask limits and could no longer fork any new processes.  A check of the
> > systems revealed very large numbers of HTTP connections from individual
> > internal client workstations.
> >
> > Does anyone know of some "new" browser plug-in or service pack which could
> > be responsible for this ??  ...
>
> Tell your users to keep JavaScript turned off when browsing the
> publicly accessible Internet, especially when browsing their porn
> sites.  ;-}  We had noticed in our firewall logs that some users
> visiting sites meriting reprimand had all of a sudden blossomed dozens
> within seconds.  We also found out why.
>
> Also, make sure that your users have internal domains in their
> Exceptions or No-Proxy lists.  Otherwise, all attempts to hit internal
> Web sites will be mediated by the Web proxy.

... which reminds me of a very useful tool: go to
http://www.junkbuster.com and have a look. we are using a chain of
proxies, squid - junkbuster - tis kits' http-gw to "bust junk out of our
users' life" (including, porn, java[script], ads,...) turning of things
is quite easy - turning on desired content might cause you to give it a
thought or two ;-)

hth Hannes

-- 
Johann Georg Hautzinger,  email: trema () eic at,  Tel.: 531 00 1907
Erste Bank AG - OE 0423 - Orga./Entw. Treasury u. Orga.Wertpapier
Boersegasse 14, 1010 Wien            http://treasury.erstebank.at