[isalist] Re: Interesting question...
- From: "Thor (Hammer of God)" <thor@xxxxxxxxxxxxxxx>
- To: "isalist@xxxxxxxxxxxxx" <isalist@xxxxxxxxxxxxx>, Steve Moffat <steve@xxxxxxxxxx>
- Date: Thu, 30 Mar 2006 19:03:49 -0800
http://www.ISAserver.org
-------------------------------------------------------
What, "Broke Back?" That's prob your style ;)
t
On 3/30/06 6:37 PM, "Steve Moffat" <steve@xxxxxxxxxx> spoketh to all:
> http://www.ISAserver.org
> -------------------------------------------------------
>
> 2 words come to mind and they ain't mountain man.....:)~
>
> -----Original Message-----
> From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx]
> On Behalf Of Thor (Hammer of God)
> Sent: Thursday, March 30, 2006 10:08 PM
> To: ISA Mailing List
> Subject: [isalist] Re: Interesting question...
>
> http://www.ISAserver.org
> -------------------------------------------------------
>
> Is that ignorance you are showing? That's funny... It looked like your
> ass to me ;))))))))
>
>
> t
>
>
> On 3/30/06 5:52 PM, "Steve Moffat" <steve@xxxxxxxxxx> spoketh to all:
>
>> http://www.ISAserver.org
>> -------------------------------------------------------
>>
>> Showing my ignorance again...:(..I always thought NAT supplied the
>> external IP to hide your internals...oh well, one learns something new
>
>> every day about tcp stuff.....
>>
>> S
>> -----Original Message-----
>> From: isalist-bounce@xxxxxxxxxxxxx
>> [mailto:isalist-bounce@xxxxxxxxxxxxx]
>> On Behalf Of Jim Harrison
>> Sent: Thursday, March 30, 2006 9:51 PM
>> To: ISA Mailing List
>> Subject: [isalist] Re: Interesting question...
>>
>> http://www.ISAserver.org
>> -------------------------------------------------------
>>
>> Nope - it's not.
>> NAT doesn't break the TCP connection; proxy does.
>>
>> This is CERN proxy behavior; the upstream server is blissfully
>> ignorant of the "real" client IP.
>> It *may * have access to such niceties as user-agent, but those are
>> not guaranteed.
>>
>> -------------------------------------------------------
>> Jim Harrison
>> MCP(NT4, W2K), A+, Network+, PCG
>> http://isaserver.org/Jim_Harrison/
>> http://isatools.org
>> Read the help / books / articles!
>> -------------------------------------------------------
>>
>>
>> -----Original Message-----
>> From: isalist-bounce@xxxxxxxxxxxxx
>> [mailto:isalist-bounce@xxxxxxxxxxxxx]
>> On Behalf Of Steve Moffat
>> Sent: Thursday, March 30, 2006 17:31
>> To: ISA Mailing List
>> Subject: [isalist] Re: Interesting question...
>>
>> You are correct, It's doing NAT.
>>
>>
>>
>> S
>>
>>
>>
>> ________________________________
>>
>> From: isalist-bounce@xxxxxxxxxxxxx
>> [mailto:isalist-bounce@xxxxxxxxxxxxx]
>> On Behalf Of Ball, Dan
>> Sent: Thursday, March 30, 2006 8:26 PM
>> To: ISA Mailing List
>> Subject: [isalist] Interesting question...
>>
>>
>>
>> I was trying to assist someone with logging traffic, and this is the
>> explanation I got...
>>
>>
>>
>> ----------Quote----------
>>
>> Our network consists of a single Internet filter on the outisde
>>
>> (Screendoor) with several ISA 2000 and 2004 servers behind it. The
>> client computer makes a request to a web site that will be blocked by
>> screen door, it passes out the ISA server to Screendoor, Screendoor
>> blocks it and the client ends up with a page could not be displayed
>> message. Of course Screendoor in that example doesn't know what
>> private ip address that request came from only the ISA server does, in
>
>> my case the ISA 2004 server is configured in firewall/cache mode.
>> Because of the problem we had been having with screendoor allowing the
>
>> bad site to load if the user refreshed enough times we told screendoor
>
>> to redirect the user to another site instead of just blocking them.
>> The redirected site will be on our local web server. What I was
>> asking is if we could embed a script of some sort on that local web
>> site that would collect their private ip address as well as the local
>> nds/ad username and store it in a log file. I'm trying to avoid
>> requiring the users to login to the Internet separately from logging
>> into the network and because the Internet filter is outside the
>> firewall integrating it with nds/ad isn't really an option either.
>> We're ultimately moving to a Dansguardian solution anyway and possibly
>
>> several of them (inside each firewall and one possibly outside the
>> firwall where Screendoor currently sits) so it will become a mute
> point eventually anyway.
>>
>> ----------End Quote----------
>>
>>
>>
>> Am I correct to assume that all traffic coming out of the ISA server
>> would be stripped of all identifying information, and the server it
>> was redirected to would only show the IP of the screendoor/ISA server?
>>
>>
>>
>>
>>
>>
>> All mail to and from this domain is GFI-scanned.
>>
>> ------------------------------------------------------
>> List Archives: //www.freelists.org/archives/isalist/
>> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
>> ISA Server Articles and Tutorials:
>> http://www.isaserver.org/articles_tutorials/
>> ISA Server Blogs: http://blogs.isaserver.org/
>> ------------------------------------------------------
>> Visit TechGenix.com for more information about our other sites:
>> http://www.techgenix.com
>> ------------------------------------------------------
>> To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
>> Report abuse to listadmin@xxxxxxxxxxxxx
>>
>> ------------------------------------------------------
>> List Archives: //www.freelists.org/archives/isalist/
>> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
>> ISA Server Articles and Tutorials:
>> http://www.isaserver.org/articles_tutorials/
>> ISA Server Blogs: http://blogs.isaserver.org/
>> ------------------------------------------------------
>> Visit TechGenix.com for more information about our other sites:
>> http://www.techgenix.com
>> ------------------------------------------------------
>> To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
>> Report abuse to listadmin@xxxxxxxxxxxxx
>>
>>
>>
>
>
> ------------------------------------------------------
> List Archives: //www.freelists.org/archives/isalist/
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server Articles and Tutorials:
> http://www.isaserver.org/articles_tutorials/
> ISA Server Blogs: http://blogs.isaserver.org/
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com
> ------------------------------------------------------
> To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
> Report abuse to listadmin@xxxxxxxxxxxxx
>
> ------------------------------------------------------
> List Archives: //www.freelists.org/archives/isalist/
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server Articles and Tutorials:
> http://www.isaserver.org/articles_tutorials/
> ISA Server Blogs: http://blogs.isaserver.org/
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com
> ------------------------------------------------------
> To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
> Report abuse to listadmin@xxxxxxxxxxxxx
>
>
>
------------------------------------------------------
List Archives: //www.freelists.org/archives/isalist/
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/
ISA Server Blogs: http://blogs.isaserver.org/
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
Report abuse to listadmin@xxxxxxxxxxxxx
Other related posts:
