We had a user by "mistake" trying to access the famous F...in Facebook page and now I'm having some hell with it. The page is blocked by rule on the Firewall so you can not access but I keep having attempts made on port 80 and I need to figure out what infected the network and which machine. I've had attempts made on 4 different machines from 4 different IP addresses, the logs show the attempt but of course the user of those machines don't actually try and access the site via their IE browser. I know the users are telling me the truth since one of those machines is my test machine. How do I go about narrowing this problem down? Any feedback with this nu sense would be appreciated.
Firewall: TZ-170 Standard
Firmware: SonicOS Standard 3.1.6.3-4s
log example of the HTTP attempt:
10/14/2009 08:37:56.816 - Web site access denied - 192.168.0.173, 1476, LAN - 69.63.186.30, 80, WAN - Category:99 - MAC address: 00:1a:a0:e2:49:82 -
www.facebook.com/extern/login_status.php?api_key=3d3df025825cb31197ae9f135dd147ef&extern=0&c...