I was looking at the log files for our web server at $Dayjob.
Specifically, I was looking at log entries made as a result of our
software (running on customer machines) performing software update
checks. The software performs an http-get request to our web server to
access a specific URL.
Every once in a while, I run a dedicated program that scans through the
logs to tease out these update requests. A few days ago I noticed
something peculiar for one of our customers (a large hospital system in
the mid-west US):
In other words, the http request was not made from an ip address
assigned to the hospital - but instead it came from the above-mentioned
IP addresses. These seem to be based in Japan.
I can't find that much related to those IP addresses or trendnet.org, or
what sort of product could be in play here. I did find this:
So does anyone know if Trendnet has some sort of corporate product along
the lines of a web-proxy that diverts some (or most, or all?) of a
client machine's http traffic through a Trendnet machine (presumably to
perform real-time threat detection) ???
And if so, why not use a US-based machine for US-based clients? Why
Japan in this case?