RE: Strange Log Entries..

  • From: "Quillman Shawn (RBNA/CIT1.1) *" <Shawn.Quillman@xxxxxxxxxxxx>
  • To: "'[ISAserver.org Discussion List]'" <isalist@xxxxxxxxxxxxx>
  • Date: Thu, 24 Apr 2003 06:47:16 -0500

Yes, those are from MSN Messenger (the piece that sits in the background
keeping track of people online, etc).  You will still receive entries in
your logs for denied requests.  Only difference is that the status code will
be a code saying it was denied instead of allowed.  You could add the other
deny rule, but I tend to stay away from specific pages in rules as they are
subject to change a lot more frequently than a domain or a domain with just
a directory path.
 
"That's how it is and you should ignore it" :)  Or blow away Messenger.
 
-Shawn
----- 
Shawn R. Quillman 
Robert Bosch Corporation RBNA/CIT1.1 
38000 Hills Tech Drive 
Farmington Hills, MI  48331 
(248) 553-1164 (P)     (248) 848-2855 (F) 
shawn.quillman@xxxxxxxxxxxx 
-----Original Message-----
From: Anthony Dowling [mailto:antman147@xxxxxxxxxx]
Sent: Thursday, April 24, 2003 6:01 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] Strange Log Entries..



Hi,
 
I am receiving the following entries for web access from two client machines
I have here, and would like to know how I can disable these machines from
doing this, as the logs fill up very quickly, and this occurs when the
machines are sitting idling..  From my understanding Microsoft Instant
Messenger is the culprit, however, another client with the same version of
instant messenger does not appear to display the same issues.
 
GFIWebMonitor...
 
 
unauthenticated 192.168.1.66 20:59:27 650
http://svcs.microsoft.com/svcs/mms/adxml_main.asp?Version=5.0&Plcid=0409&CLCID=0409&BrandID=MSMSGS&country=NZ&PUID=00011dc74c2f5d5c&random=97384641
 
unauthenticated 192.168.1.66 20:59:27 3929
http://rad.msn.com/ADSAdClient31.dll?GetAd?PG=IMSNZR?SC=HF?PUID=00011dc74c2f5d5c?AN=1.97384641
 
 
 
ISALOG WEBEXTD....
 
 
 
192.168.1.66   anonymous       MSMSGS        N         2003-04-24
01:58:56           w3proxy           SATURN         -
svcs.microsoft.com       207.68.173.249           80            453      328
650      http      TCP     GET
http://svcs.microsoft.com/svcs/mms/adxml_main.asp?Version=5.0&Plcid=0409&CLCID=0409&BrandID=MSMSGS&country=NZ&PUID=00011dc74c2f5d5c&random=72153461
Inet      302      Sjones - Web Clients    Sjones - Allow Rule - Workstation
- Pluto
 
192.168.1.66   anonymous       MSMSGS        N         2003-04-24
08:59:27           w3proxy           SATURN         -           -
-           -           -           248      -           -            TCP
GET
http://rad.msn.com/ADSAdClient31.dll?GetAd?PG=IMSNZR?SC=HF?PUID=00011dc74c2f5d5c?AN=1.97384641            -           12202  Sjones - Web Clients
Sjones - Advertisement Deny Rule
 
 
 
I have added rad.msn.com to a deny rule for web access, should this still
appear in the log file if it is denied access?  And could I just as easily
add a deny rule for http://svcs.microsoft.com/svcs/mms/adxml_main.asp ...??
 
Any ideas on this would be appreciated, if it is just a case of this is how
things are and I should ignore them, then so be it.
 
Cheers
 
Ant Dowling.
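
The reply's point that denied requests are still logged, only with a different status code, can be checked by tallying the proxy log per client, agent, destination host, status and rule. This is an added example, not part of the original thread; the tab-separated layout, the column positions (read off the two ISALOG entries above) and the sample rows are assumptions constructed for illustration.

```python
from collections import Counter
from urllib.parse import urlsplit

# Column positions read off the two ISALOG entries quoted in the thread.
# Assumption: the raw log file is tab-separated with 23 fields per row.
C_IP, C_AGENT, URI, STATUS, RULE = 0, 2, 18, 20, 22
DENIED = "12202"  # status on the thread's entry that matched the deny rule

def sample(time, uri, source, status, rule):
    """Build one constructed log row in the same column order."""
    f = ["-"] * 23
    f[0:8] = ["192.168.1.66", "anonymous", "MSMSGS", "N",
              "2003-04-24", time, "w3proxy", "SATURN"]
    f[16:23] = ["TCP", "GET", uri, source, status,
                "Sjones - Web Clients", rule]
    return "\t".join(f)

SVCS = "http://svcs.microsoft.com/svcs/mms/adxml_main.asp?Version=5.0"
RAD = "http://rad.msn.com/ADSAdClient31.dll?GetAd"
ALLOW = "Sjones - Allow Rule - Workstation - Pluto"
DENY = "Sjones - Advertisement Deny Rule"
SAMPLE_LOG = [  # constructed rows, modelled on the entries in the thread
    "#Fields: (header line, skipped)",
    sample("01:58:56", SVCS, "Inet", "302", ALLOW),
    sample("02:58:57", SVCS, "Inet", "302", ALLOW),
    sample("08:59:27", RAD, "-", DENIED, DENY),
    sample("09:59:28", RAD, "-", DENIED, DENY),
    sample("09:59:29", SVCS, "Inet", "302", ALLOW),
    "truncated\trow",
]

def summarize(lines):
    """Count rows per (client, agent, destination host, status, rule)."""
    counts = Counter()
    for line in lines:
        f = line.rstrip("\r\n").split("\t")
        if line.startswith("#") or len(f) <= RULE:
            continue  # header or short/garbled row
        host = urlsplit(f[URI]).hostname or "-"
        counts[(f[C_IP], f[C_AGENT], host, f[STATUS], f[RULE])] += 1
    return counts

def denied(counts):
    """Rows that were blocked yet still logged, keyed by host and rule."""
    return {(k[2], k[4]): n for k, n in counts.items() if k[3] == DENIED}

if __name__ == "__main__":
    for key, n in summarize(SAMPLE_LOG).most_common():
        print(n, *key, sep="\t")
```

Grouping by agent as well as client shows which background program on a workstation generates the volume, and the `denied` view confirms a deny rule is matching even though its rows keep appearing in the log.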