Strange Log Entries..

  • From: "Anthony Dowling" <antman147@xxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Thu, 24 Apr 2003 22:01:13 +1200

Hi,

I am receiving the following entries for web access from two client machines
I have here, and would like to know how I can disable these machines from
doing this, as the logs fill up very quickly, and this occurs when the
machines are sitting idling.  From my understanding Microsoft Instant
Messenger is the culprit, however, another client with the same version of
instant messenger does not appear to display the same issues.

GFIWebMonitor?


unauthenticated 192.168.1.66 20:59:27 650
http://svcs.microsoft.com/svcs/mms/adxml_main.asp?Version=5.0&Plcid=0409&CLCID=0409&BrandID=MSMSGS&country=NZ&PUID=00011dc74c2f5d5c&random=97384641

unauthenticated 192.168.1.66 20:59:27 3929
http://rad.msn.com/ADSAdClient31.dll?GetAd?PG=IMSNZR?SC=HF?PUID=00011dc74c2f5d5c?AN=1.97384641



ISALOG WEBEXTD?.



192.168.1.66   anonymous       MSMSGS        N         2003-04-24
01:58:56           w3proxy           SATURN         -
svcs.microsoft.com       207.68.173.249           80            453      328
650      http      TCP     GET
http://svcs.microsoft.com/svcs/mms/adxml_main.asp?Version=5.0&Plcid=0409&CLCID=0409&BrandID=MSMSGS&country=NZ&PUID=00011dc74c2f5d5c&random=72153461
Inet      302      Sjones - Web Clients    Sjones - Allow Rule - Workstation - Pluto

192.168.1.66   anonymous       MSMSGS        N         2003-04-24
08:59:27           w3proxy
SATURN         -           -           -           -           -
248      -           -            TCP     GET
http://rad.msn.com/ADSAdClient31.dll?GetAd?PG=IMSNZR?SC=HF?PUID=00011dc74c2f5d5c?AN=1.97384641
-           12202  Sjones - Web Clients    Sjones - Advertisement Deny Rule



I have added rad.msn.com to a deny rule for web access; should this still
appear in the log file if it is denied access?  And could I just as easily
add a deny rule for http://svcs.microsoft.com/svcs/mms/adxml_main.asp ?

Any ideas on this would be appreciated, if it is just a case of this is how
things are and I should ignore them, then so be it.

Cheers

Ant Dowling.
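
An added example, not part of the original post: a script that groups web proxy log records by client, agent, host, path, status and rule, so the repeating sources stand out even though the random= value changes on every request. It assumes a tab-separated W3C extended log with a "#Fields:" header; the field names and the sample rows are assumptions modelled on the entries quoted above.

```python
from collections import Counter
from urllib.parse import urlsplit

# Constructed sample: tab-separated W3C extended rows with a "#Fields:" header,
# cut down to the columns used here and modelled on the entries quoted above.
ALLOW = "Sjones - Allow Rule - Workstation - Pluto"
DENY = "Sjones - Advertisement Deny Rule"
SVCS = "http://svcs.microsoft.com/svcs/mms/adxml_main.asp?random="
RAD = "http://rad.msn.com/ADSAdClient31.dll?GetAd?AN=1."
SAMPLE = "\n".join([
    "#Fields: c-ip\tc-agent\tr-host\tcs-uri\tsc-status\trule#2",
    f"192.168.1.66\tMSMSGS\tsvcs.microsoft.com\t{SVCS}72153461\t302\t{ALLOW}",
    f"192.168.1.66\tMSMSGS\t-\t{RAD}97384641\t12202\t{DENY}",
    f"192.168.1.66\tMSMSGS\tsvcs.microsoft.com\t{SVCS}97384641\t302\t{ALLOW}",
    f"192.168.1.66\tMSMSGS\t-\t{RAD}11111111\t12202\t{DENY}",
    f"192.168.1.66\tMSMSGS\tsvcs.microsoft.com\t{SVCS}22222222\t302\t{ALLOW}",
])


def parse_w3c(text):
    """Yield one dict per record, using the #Fields directive for column names."""
    fields = None
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line[len("#Fields:"):].strip().split("\t")
        elif line and not line.startswith("#") and fields:
            values = line.split("\t")
            if len(values) == len(fields):  # skip truncated or wrapped rows
                yield dict(zip(fields, values))


def noisy_sources(text):
    """Count requests per (client, agent, host, path, status, rule)."""
    counts = Counter()
    for rec in parse_w3c(text):
        url = urlsplit(rec["cs-uri"])
        host = rec["r-host"]
        if host == "-":  # the denied entry above logs "-" for the host; use the URL
            host = url.hostname or "-"
        # Dropping the query string merges requests that differ only in random=
        key = (rec["c-ip"], rec["c-agent"], host, url.path,
               rec["sc-status"], rec["rule#2"])
        counts[key] += 1
    return counts.most_common()


if __name__ == "__main__":
    for key, n in noisy_sources(SAMPLE):
        print(n, *key, sep="  ")
```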
