Re: Authentication on outgoing web requests on ISA

  • From: "Jim Harrison" <jim@xxxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Sat, 17 Apr 2004 18:15:13 -0700

This is normal behavior for almost every browser on this planet.
It generates the anonymous requests for every link it asks for.
ISA also logs every request it receives from a client.
Since authentication traffic can take up to 4 request/response cycles, you'll 
see them all as "anonymous".

 Jim Harrison
 MCP(NT4, W2K), A+, Network+, PCG
 http://www.microsoft.com/isaserver
 http://isaserver.org/Jim_Harrison
 http://isatools.org

 Read the help, books and articles!
----- Original Message ----- 
From: <mathif@xxxxxxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Saturday, April 17, 2004 07:37
Subject: [isalist] Re: Authentication on outgoing web requests on ISA


http://www.ISAserver.org

Hi Jim,
Thanks for the response. Yes, I can see that successful connection from the
log for "RIYADH\jtena".
Actually, my question is why is it anonymous for the first 2-3 requests and
then we could see "RIYADH\jtena". But, initially, it was anonymous, why?? Is
it the normal behavior of ISA? If so, can we overcome this?? I have also
specified authentication on outgoing web requests, then why does it show
anonymous initially?
Is there any KB article explaining this behavior??

Yes, actually I am trying to block this spyware with the help of ISA logs,
understanding SC-Result codes.

Thanks,
Athif

-----Original Message-----
From: Jim Harrison [mailto:jim@xxxxxxxxxxxx] 
Sent: Saturday, 17 April 2004 5:24 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: Authentication on outgoing web requests on ISA


Quit using hotbar.
It and Gator (that comes with it) are some of the worst spyware apps on the
Internet.

The only successful connection (sc-result = 200) wasn't anonymous:

172.20.45.79, RIYADH\jtena, Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0; Hotbar 4.4.2.0), Y, 4/16/2004, 0:14:38, w3proxy, IT-ISA01, -, 212.93.193.87, 212.93.193.87, 8080, 500, 488, 495, http, -, GET, http://spweather.whenu.com/summary/SA/XX/0017.html, -, Upstream, 200, -,

Your username "RIYADH\jtena" is clearly listed in the log.

 Jim Harrison
 MCP(NT4, W2K), A+, Network+, PCG
 http://www.microsoft.com/isaserver
 http://isaserver.org/Jim_Harrison
 http://isatools.org

 Read the help, books and articles!
----- Original Message ----- 
From: <mathif@xxxxxxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Saturday, April 17, 2004 02:58
Subject: [isalist] Authentication on outgoing web requests on ISA


Hi Folks,
I have a question regarding Authentication in ISA. I have defined
Authentication on outgoing web requests on ISA. Even then, I can see
Anonymous in the logs. What is the exact reason for this behavior and how
can I avoid this??

172.20.70.176, anonymous, Gator/4.1 Precision Time {57FDF598-7C93-400F-B877-1FDE9DB7793A}, N, 4/16/2004, 0:00:20, w3proxy, IT-ISA01, -, gatorcme.gator.com, -, 80, 0, 424, 4168, http, -, GET, http://gatorcme.gator.com/gatorcme/autoupdate/installprecisiontime.exe, -, -, 407, -, -, -
172.20.70.176, anonymous, Gator/4.1 Date Manager {57FDF598-7C93-400F-B877-1FDE9DB7793A}, N, 4/16/2004, 0:00:20, w3proxy, IT-ISA01, -, gatorcme.gator.com, -, 80, 0, 420, 4168, http, -, GET, http://gatorcme.gator.com/gatorcme/autoupdate/installdatemanager.exe, -, -, 407, -, -, -
172.20.70.176, anonymous, Gator/4.1 Precision Time {57FDF598-7C93-400F-B877-1FDE9DB7793A}, N, 4/16/2004, 0:00:20, w3proxy, IT-ISA01, -, gatorcme.gator.com, -, 80, 0, 0, 936, http, -, GET, http://gatorcme.gator.com/gatorcme/autoupdate/installprecisiontime.exe, -, -, 407, -, -, -
172.20.70.176, anonymous, Gator/4.1 Date Manager {57FDF598-7C93-400F-B877-1FDE9DB7793A}, N, 4/16/2004, 0:00:20, w3proxy, IT-ISA01, -, gatorcme.gator.com, -, 80, 0, 0, 932, http, -, GET, http://gatorcme.gator.com/gatorcme/autoupdate/installdatemanager.exe, -, -, 407, -, -, -
172.20.70.176, RIYADH\salmaliek, Gator/4.1 Precision Time {57FDF598-7C93-400F-B877-1FDE9DB7793A}, Y, 4/16/2004, 0:00:20, w3proxy, IT-ISA01, -, -, -, 0, 0, 676, 0, -, -, GET, http://gatorcme.gator.com/gatorcme/autoupdate/installprecisiontime.exe, -, -, 12209, -, -, -
172.20.70.176, RIYADH\salmaliek, Gator/4.1 Date Manager {57FDF598-7C93-400F-B877-1FDE9DB7793A}, Y, 4/16/2004, 0:00:20, w3proxy, IT-ISA01, -, -, -, 0, 0, 672, 0, -, -, GET, http://gatorcme.gator.com/gatorcme/autoupdate/installdatemanager.exe, -, -, 12209, -, -, -
172.20.70.176, anonymous, Gator/4.1 Precision Time {57FDF598-7C93-400F-B877-1FDE9DB7793A}, N, 4/16/2004, 0:00:20, w3proxy, IT-ISA01, -, gatorcme.gator.com, -, 80, 0, 467, 4168, http, -, GET, http://gatorcme.gator.com/gatorcme/autoupdate/precisiontime.ini, -, -, 407, -, -, -
172.20.70.176, anonymous, Gator/4.1 Precision Time {57FDF598-7C93-400F-B877-1FDE9DB7793A}, N, 4/16/2004, 0:00:20, w3proxy, IT-ISA01, -, gatorcme.gator.com, -, 80, 0, 0, 979, http, -, GET, http://gatorcme.gator.com/gatorcme/autoupdate/precisiontime.ini, -, -, 407, -, -, -
172.20.70.176, RIYADH\salmaliek, Gator/4.1 Precision Time {57FDF598-7C93-400F-B877-1FDE9DB7793A}, Y, 4/16/2004, 0:00:20, w3proxy, IT-ISA01, -, -, -, 0, 0, 719, 0, -, -, GET, http://gatorcme.gator.com/gatorcme/autoupdate/precisiontime.ini, -, -, 12209, -, -, -
----------------------------------------------------------------------------
172.20.45.79, anonymous, Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0; Hotbar 4.4.2.0), N, 4/16/2004, 0:14:37, w3proxy, IT-ISA01, -, spweather.whenu.com, -, 80, 0, 268, 4114, http, -, GET, http://spweather.whenu.com/summary/SA/XX/0017.html, -, -, 407, -, -, -
172.20.45.79, anonymous, Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0; Hotbar 4.4.2.0), N, 4/16/2004, 0:14:37, w3proxy, IT-ISA01, -, spweather.whenu.com, -, 80, 0, 0, 718, http, -, GET, http://spweather.whenu.com/summary/SA/XX/0017.html, -, -, 407, -, -, -
172.20.45.79, RIYADH\jtena, Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0; Hotbar 4.4.2.0), Y, 4/16/2004, 0:14:38, w3proxy, IT-ISA01, -, 212.93.193.87, 212.93.193.87, 8080, 500, 488, 495, http, -, GET, http://spweather.whenu.com/summary/SA/XX/0017.html, -, Upstream, 200, -, -, -

From the logs, I can see initially it will be anonymous, at the end of the
line it says 407 which means authentication required which is defined on
Outgoing Web Requests, then why does it show ANONYMOUS. How do I avoid this??!!

TIA,
Athif
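
Added example, not part of the original thread: a short Python script that collapses the anonymous 407 entries discussed above into one row per client and URL, so the handshake legs Jim describes can be told apart from clients that never authenticate. The field positions are taken from the log lines posted in this thread; the sample records, host names, accounts and function names are constructed for illustration.

```python
# Constructed sample in the 25-field layout of the log lines posted above.
# Addresses, host names, accounts and agent strings are made up.
SAMPLE_LOG = r"""10.0.0.5, anonymous, Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0), N, 4/16/2004, 0:14:37, w3proxy, PROXY01, -, www.example.com, -, 80, 0, 268, 4114, http, -, GET, http://www.example.com/a.html, -, -, 407, -, -, -
10.0.0.5, anonymous, Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0), N, 4/16/2004, 0:14:37, w3proxy, PROXY01, -, www.example.com, -, 80, 0, 0, 718, http, -, GET, http://www.example.com/a.html, -, -, 407, -, -, -
10.0.0.5, EXAMPLE\alice, Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0), Y, 4/16/2004, 0:14:38, w3proxy, PROXY01, -, 192.0.2.10, 192.0.2.10, 8080, 500, 488, 495, http, -, GET, http://www.example.com/a.html, -, Upstream, 200, -, -, -
10.0.0.7, anonymous, ExampleAgent/2.0 (Build 7, Test), N, 4/16/2004, 0:00:20, w3proxy, PROXY01, -, www.example.org, -, 80, 0, 424, 4168, http, -, GET, http://www.example.org/b.exe, -, -, 407, -, -, -
10.0.0.7, EXAMPLE\bob, ExampleAgent/2.0 (Build 7, Test), Y, 4/16/2004, 0:00:20, w3proxy, PROXY01, -, -, -, 0, 0, 676, 0, -, -, GET, http://www.example.org/b.exe, -, -, 12209, -, -, -
10.0.0.9, anonymous, ExampleUpdater/1.0, N, 4/16/2004, 0:01:00, w3proxy, PROXY01, -, updates.example.net, -, 80, 0, 467, 4168, http, -, GET, http://updates.example.net/app.ini, -, -, 407, -, -, -
10.0.0.9, anonymous, ExampleUpdater/1.0, N, 4/16/2004, 0:01:00, w3proxy, PROXY01, -, updates.example.net, -, 80, 0, 0, 979, http, -, GET, http://updates.example.net/app.ini, -, -, 407, -, -, -
"""

def parse_line(line):
    """Split one record, indexing the tail fields from the end so that a
    comma inside the agent string (third field) does not shift them."""
    f = [p.strip() for p in line.split(",")]
    if len(f) < 25:
        return None  # truncated or malformed record
    return {"client": f[0], "user": f[1], "authenticated": f[-22] == "Y",
            "url": f[-7], "result": f[-4]}

def summarize(log_text):
    """Collapse each (client, URL) exchange into a challenge count plus the
    user and result code of the last authenticated entry, if there is one."""
    flows = {}
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        flow = flows.setdefault((rec["client"], rec["url"]),
                                {"challenges": 0, "user": None, "result": None})
        if rec["result"] == "407" and not rec["authenticated"]:
            flow["challenges"] += 1  # handshake leg, logged as anonymous
        elif rec["authenticated"]:
            flow["user"], flow["result"] = rec["user"], rec["result"]
    return flows

def never_authenticated(flows):
    """Exchanges that stopped at the 407 challenge: no credentials followed."""
    return sorted(key for key, flow in flows.items() if flow["user"] is None)

if __name__ == "__main__":
    for key, flow in summarize(SAMPLE_LOG).items():
        print(key, flow)
```

Rows returned by `never_authenticated` are the ones worth reviewing by agent string; the other anonymous entries are the challenge legs of an exchange that ended with a named user.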

