Can someone explain this (corporate) trendnet.org web-proxy behavior?

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View
I was looking at the log files for our web server at $Dayjob.

Specifically, I was looking at log entries made as a result of our
software (running on customer machines) performing software update
checks.  The software performs an http-get request to our web server to
access a specific URL.

Every once in a while, I run a dedicated program that scans through the
logs to tease out these update requests.  A few days ago I noticed
something peculiar for one of our customers (a large hospital system in
the mid-west US):

150.70.172.105
(iad1-wtp-gd-maya5.sdi.trendnet.org)

150.70.75.177
(sjdc-wtp-g2-maya4.sdi.trendnet.org)

In other words, the http request was not made from an ip address
assigned to the hospital - but instead it came from the above-mentioned
IP addresses.  These seem to be based in Japan.

I can't find that much related to those IP addresses or trendnet.org, or
what sort of product could be in play here.  I did find this:

http://www.mywot.com/en/forum/14954-150-70-75-176-false-positives-for-phishing

So does anyone know if Trendnet has some sort of corporate product along
the lines of a web-proxy that diverts some (or most, or all?) of a
client machine's http traffic through a Trendnet machine (presumably to
perform real-time threat detection) ???

And if so, why not use a US-based machine for US-based clients?  Why
Japan in this case?

Re: Can someone explain this (corporate) trendnet.org web-proxy behavior?


Quoted text here. Click to load it

You must be using a TrendMicro anti virus or other TrendMicro solution.

TrendMicro is Internationalized.

--
Dave
Multi-AV Scanning Tool - http://multi-av.thespykiller.co.uk
http://www.pctipp.ch/downloads/dl/35905.asp


Re: Can someone explain this (corporate) trendnet.org web-proxy behavior?

"David H. Lipman" wrote:
 
Quoted text here. Click to load it


Remember - it's not *me* that's using this trendmicro or trendnet
product.

An institutional computer owned by one of our customers has this unknown
trend product on *their* PC, and it's causing their hits to our server
appear as if they're coming from:

 150.70.172.105
 (iad1-wtp-gd-maya5.sdi.trendnet.org)

 150.70.75.177
 (sjdc-wtp-g2-maya4.sdi.trendnet.org)

Quoted text here. Click to load it

The domain trendnet.org is indeed owned by Trend Micro.

So my question (again) is - what Trend Micro security product has the
effect of routing some (or most, or all?) of the http-get requests on a
client PC through a trendnet.org machine?

And - why not use a US-based machine for US-based clients?  Why use a
machine located in Japan?

Re: Can someone explain this (corporate) trendnet.org web-proxy behavior?


Quoted text here. Click to load it

That pretty well answers my question concerning berating. Hard to believe
you're in some fashion tied into any I.T. work ...Scary infact...

Good luck getting the answers you seek with the kickass attitude you
consistently display. The DNS one being the funniest so far.
 
Quoted text here. Click to load it

Why not ask trend?



--
Character is doing the right thing when nobody's looking. There are too
many people who think that the only thing that's right is to get by, and
the only thing that's wrong is to get caught. - J.C. Watts

Re: Can someone explain this (corporate) trendnet.org web-proxy behavior?


Quoted text here. Click to load it

Oh wow. You're in IT? Seriously? LMFAO!
 
Quoted text here. Click to load it

If we answer, won't you just berate us again?
 


--
Character is doing the right thing when nobody's looking. There are too
many people who think that the only thing that's right is to get by, and
the only thing that's wrong is to get caught. - J.C. Watts

Site Timeline