Results 1 to 5 of 5

Thread: Can someone explain this (corporate) trendnet.org web-proxy behavior?

  1. #1
    Virus Guy Guest

    Can someone explain this (corporate) trendnet.org web-proxy behavior?

    I was looking at the log files for our web server at $Dayjob.

    Specifically, I was looking at log entries made as a result of our
    software (running on customer machines) performing software update
    checks. The software performs an http-get request to our web server to
    access a specific URL.

    Every once in a while, I run a dedicated program that scans through the
    logs to tease out these update requests. A few days ago I noticed
    something peculiar for one of our customers (a large hospital system in
    the mid-west US):

    150.70.172.105
    (iad1-wtp-gd-maya5.sdi.trendnet.org)

    150.70.75.177
    (sjdc-wtp-g2-maya4.sdi.trendnet.org)

    In other words, the http request was not made from an ip address
    assigned to the hospital - but instead it came from the above-mentioned
    IP addresses. These seem to be based in Japan.

    I can't find that much related to those IP addresses or trendnet.org, or
    what sort of product could be in play here. I did find this:

    http://www.mywot.com/en/forum/14954-...s-for-phishing

    So does anyone know if Trendnet has some sort of corporate product along
    the lines of a web-proxy that diverts some (or most, or all?) of a
    client machine's http traffic through a Trendnet machine (presumably to
    perform real-time threat detection) ???

    And if so, why not use a US-based machine for US-based clients? Why
    Japan in this case?

  2. #2
    David H. Lipman Guest

    Re: Can someone explain this (corporate) trendnet.org web-proxy behavior?

    From: "Virus Guy" <Virus@Guy.com>

    > I was looking at the log files for our web server at $Dayjob.
    >
    > Specifically, I was looking at log entries made as a result of our
    > software (running on customer machines) performing software update
    > checks. The software performs an http-get request to our web server to
    > access a specific URL.
    >
    > Every once in a while, I run a dedicated program that scans through the
    > logs to tease out these update requests. A few days ago I noticed
    > something peculiar for one of our customers (a large hospital system in
    > the mid-west US):
    >
    > 150.70.172.105
    > (iad1-wtp-gd-maya5.sdi.trendnet.org)
    >
    > 150.70.75.177
    > (sjdc-wtp-g2-maya4.sdi.trendnet.org)
    >
    > In other words, the http request was not made from an ip address
    > assigned to the hospital - but instead it came from the above-mentioned
    > IP addresses. These seem to be based in Japan.
    >
    > I can't find that much related to those IP addresses or trendnet.org, or
    > what sort of product could be in play here. I did find this:
    >
    > http://www.mywot.com/en/forum/14954-...s-for-phishing
    >
    > So does anyone know if Trendnet has some sort of corporate product along
    > the lines of a web-proxy that diverts some (or most, or all?) of a
    > client machine's http traffic through a Trendnet machine (presumably to
    > perform real-time threat detection) ???
    >
    > And if so, why not use a US-based machine for US-based clients? Why
    > Japan in this case?


    You must be using a TrendMicro anti virus or other TrendMicro solution.

    TrendMicro is Internationalized.

    --
    Dave
    Multi-AV Scanning Tool - http://multi-av.thespykiller.co.uk
    http://www.pctipp.ch/downloads/dl/35905.asp


  3. #3
    Virus Guy Guest

    Re: Can someone explain this (corporate) trendnet.org web-proxybehavior?

    "David H. Lipman" wrote:

    > >
    > > So does anyone know if Trendnet has some sort of corporate
    > > product along the lines of a web-proxy that diverts some
    > > (or most, or all?) of a client machine's http traffic
    > > through a Trendnet machine (presumably to perform real-time
    > > threat detection) ???


    > You must be using a TrendMicro anti virus or other TrendMicro
    > solution.


    Remember - it's not *me* that's using this trendmicro or trendnet
    product.

    An institutional computer owned by one of our customers has this unknown
    trend product on *their* PC, and it's causing their hits to our server
    appear as if they're coming from:

    150.70.172.105
    (iad1-wtp-gd-maya5.sdi.trendnet.org)

    150.70.75.177
    (sjdc-wtp-g2-maya4.sdi.trendnet.org)

    > TrendMicro is Internationalized.


    The domain trendnet.org is indeed owned by Trend Micro.

    So my question (again) is - what Trend Micro security product has the
    effect of routing some (or most, or all?) of the http-get requests on a
    client PC through a trendnet.org machine?

    And - why not use a US-based machine for US-based clients? Why use a
    machine located in Japan?

  4. #4
    Dustin Guest

    Re: Can someone explain this (corporate) trendnet.org web-proxy behavior?

    Virus Guy <Virus@Guy.com> wrote in news:4F79B79A.26AC175C@Guy.com:

    > I was looking at the log files for our web server at $Dayjob.


    Oh wow. You're in IT? Seriously? LMFAO!

    > So does anyone know if Trendnet has some sort of corporate product
    > along the lines of a web-proxy that diverts some (or most, or all?)
    > of a client machine's http traffic through a Trendnet machine
    > (presumably to perform real-time threat detection) ???


    If we answer, won't you just berate us again?



    --
    Character is doing the right thing when nobody's looking. There are too
    many people who think that the only thing that's right is to get by, and
    the only thing that's wrong is to get caught. - J.C. Watts

  5. #5
    Dustin Guest

    Re: Can someone explain this (corporate) trendnet.org web-proxy behavior?

    Virus Guy <Virus@Guy.com> wrote in news:4F79DA01.FF255B87@Guy.com:

    > So my question (again) is - what Trend Micro security product has the
    > effect of routing some (or most, or all?) of the http-get requests on a
    > client PC through a trendnet.org machine?


    That pretty well answers my question concerning berating. Hard to believe
    you're in some fashion tied into any I.T. work ...Scary infact...

    Good luck getting the answers you seek with the kickass attitude you
    consistently display. The DNS one being the funniest so far.

    > And - why not use a US-based machine for US-based clients? Why use a
    > machine located in Japan?


    Why not ask trend?



    --
    Character is doing the right thing when nobody's looking. There are too
    many people who think that the only thing that's right is to get by, and
    the only thing that's wrong is to get caught. - J.C. Watts

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •