[isalist] Re: Chikka Instant MMS Messenger

  • From: "Corciega, Michael P." <MPCorciega@xxxxxxxxxxxxxx>
  • To: <isalist@xxxxxxxxxxxxx>
  • Date: Thu, 30 Mar 2006 19:08:54 +0800

http://www.ISAserver.org
-------------------------------------------------------

I got it Jim, below is the log..... I just blocked HTTP and HTTPS port
of the IP 209.10.203.102


Original Client IP      Client Agent    Authenticated Client    Service
Referring Server        Destination Host Name   Transport       HTTP
Method  MIME Type       Object Source   Source Proxy    Destination
Proxy   Bidirectional   Client Host Name        Filter Information
Network Interface       Raw IP Header   Raw Payload     GMT Log Time
Source Port     Processing Time Bytes Sent      Bytes Received  Cache
Information     Error Information       Log Time        Client IP
Destination IP  Destination Port        Protocol        Action  Rule
Result Code     HTTP Status Code        Client Username URL     Source
Network Destination Network     Server Name     Log Record Type
192.168.2.169   chikka.exe:3:5.1                        -
TCP     -       -                                               -
3/30/2006 10:39:59 AM   2130    0       0       0       0x0     0x0
3/30/2006 6:39:59 PM    192.168.2.169   209.10.203.102  443     HTTPS
Initiated Connection    NASS Rule       0x0             QCGMA\mpc-admin
-       Internal        External        SHR8    Firewall


Thanks for the help

Mykel


-----Original Message-----
From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx] 
Sent: Saturday, March 18, 2006 10:27 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Chikka Instant MMS Messenger

http://www.ISAserver.org

Time to start looking into the logs.
We're answering the questions you ask based on the information you're
providing.
Clearly, you're missing something here...

-----Original Message-----
From: Corciega, Michael P. [mailto:MPCorciega@xxxxxxxxxxxxxx] 
Sent: Friday, March 17, 2006 8:04 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Chikka Instant MMS Messenger

http://www.ISAserver.org


Did what you suggested Jim, placed the rule on top, blocked HTTP &
HTTPS, from: Internal, to: *.chikka.com (I used * just to make sure
everything will be blocked), all content types..... still passes thru
..... this apps (chikka) really gives me a headache man! 

 

Mykel

 

 

________________________________

From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx] 
Sent: Wednesday, March 15, 2006 1:16 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Chikka Instant MMS Messenger

 

http://www.ISAserver.org

Not likely.

ISA can't "see into" SSL tunnels.

 

All you have to do is create a domain name set with
"register.chikka.com" and use it in a deny rule that comes before any
allow rule.

 

________________________________

From: Corciega, Michael P. [mailto:MPCorciega@xxxxxxxxxxxxxx] 
Sent: Tuesday, March 14, 2006 7:37 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] Chikka Instant MMS Messenger

 

http://www.ISAserver.org

Hi Everyone!

 

I'm trying to block this service from ISA2004 thru Configure HTTP using
Signature or Headers yet still users can still connect to this internet
service. Below are the info's I got (using ethereal). The service is
using 443 as it's port connection. 

 

Is configuring HTTP will also affect HTTPS?

 

POST /tracker.php HTTP/1.1

Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, */*

Content-Type: application/x-www-form-urlencoded

User-Agent: Microsoft URL Control - 6.00.8862

Host: register.chikka.com

Content-Length: 33

Cache-Control: no-cache

 

chikkaid=639273451095&client_id=0

 

Please help. I can't migrate some of our clients to this server if I
cannot block this thing.

 

Thanks,

 

Mykel

 

DISCLAIMER:
This Message may contain confidential information intended only for the
use of the addressee named above. If you are not the intended recipient
of this message you are hereby notified that any use, dissemination,
distribution or reproduction of this message is prohibited. If you
received this message in error please notify your Mail Administrator and
delete this message immediately. Any views expressed in this message are
those of the individual sender and may not necessarily reflect the views
of GMA Network, Inc.
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx 

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
mpcorciega@xxxxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx 

DISCLAIMER:
This Message may contain confidential information intended only for the
use of the addressee named above. If you are not the intended recipient
of this message you are hereby notified that any use, dissemination,
distribution or reproduction of this message is prohibited. If you
received this message in error please notify your Mail Administrator and
delete this message immediately. Any views expressed in this message are
those of the individual sender and may not necessarily reflect the views
of GMA Network, Inc.
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx 

All mail to and from this domain is GFI-scanned.


All mail to and from this domain is GFI-scanned.


------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
mpcorciega@xxxxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
------------------------------------------------------
List Archives: //www.freelists.org/archives/isalist/
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/
ISA Server Blogs: http://blogs.isaserver.org/
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
Report abuse to listadmin@xxxxxxxxxxxxx

Other related posts: