TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your message to
[EMAIL PROTECTED] Contact [EMAIL PROTECTED] for help with any problems!
----------------------------------------------------------------------------
Are you running IEAK ??
Maybe this info will help.
* This is the CodeBaseSearchPath. The default is CODEBASE;
http://activex.microsoft.com/objects/ocget.dll
When Internet Component Download is called to download code, it traverses
the Internet Search Path to look for the desired component. This is a list
of Object Store servers that will be queried every time components are
downloaded using GoGetClassObjectFromURL. This way, even if an <OBJECT> tag
in an HTML document does not specify a CODEBASE location to download code
for an embedded OLE control, the Internet Component Download will still use
the Internet Search Path to find the necessary code.
/Karl
> ----------
> From: [EMAIL PROTECTED][SMTP:[EMAIL PROTECTED]]
> Sent: Friday, February 25, 2000 19:02
> To: [EMAIL PROTECTED]
> Cc: [EMAIL PROTECTED]
> Subject: Re: FW: RealSecure Console traffic to Microsoft-Global-Net
>
>
> TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your message
> to
> [EMAIL PROTECTED] Contact [EMAIL PROTECTED] for help with any
> problems!
> --------------------------------------------------------------------------
> --
>
>
>
> The Windows update wizard is not installed.
>
> BUZZ! Thank you for playing. Please try again.
>
> The packets only fly when the console speaks to an engine (Policy update
> or DB
> re-sync).
>
> Ken
>
>
>
>
>
>
>
> [EMAIL PROTECTED] on 02/23/2000 12:08:06 PM
>
> To: [EMAIL PROTECTED]
> cc: (bcc: Kenneth Stephens/GIS/CSC)
> Subject: FW: RealSecure Console traffic to Microsoft-Global-Net
>
>
>
>
> TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your message
> to
> [EMAIL PROTECTED] Contact [EMAIL PROTECTED] for help with any
> problems!
> --------------------------------------------------------------------------
> --
>
> Here's some interesting info from the person at ISS who we consider a
> "god"
> when it comes to authentication and encryption. I removed his name so
> nobody
> will try to steal him from us! Isn't it great to know smart people?
> :)
>
> -----Original Message-----
> Sent: Wednesday, February 23, 2000 12:04 PM
> To: Droski, Sheila (ISSTexas)
> Subject: RE: RealSecure Console traffic to Microsoft-Global-Net
>
>
> Sheila:
> Ok .. as I suspected, it only poorly correlated with console to engine
> connections (i.e., he probably saw it once and assumed it correlated
> (:>)).
> If he'll uninstall the Windows Update wizard, it will quite making the
> background connections to MS. No magic here .. and someone had to install
> the wizard on his machine intentionally -- it's not installed by default
> AFAIK.
>
>
> -----Original Message-----
> From: Droski, Sheila (ISSTexas)
> Sent: Wednesday, February 23, 2000 12:57 PM
> Subject: FW: RealSecure Console traffic to Microsoft-Global-Net
>
>
> remember when I asked if something in our RSA authentication between
> console
> and engine was trying to talk to MS on boot? Thought you'd get a kick out
> of
> MS's answer!
>
> -----Original Message-----
> From: Marc Delince [mailto:[EMAIL PROTECTED]]
> Sent: Friday, February 18, 2000 10:44 AM
> To: '[EMAIL PROTECTED]'; [EMAIL PROTECTED]
> Subject: RE: RealSecure Console traffic to Microsoft-Global-Net
>
>
>
> TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your message
> to
> [EMAIL PROTECTED] Contact [EMAIL PROTECTED] for help with any
> problems!
> --------------------------------------------------------------------------
> --
>
> And if you contact Microsoft about it, here is their response:
>
> "Good question, Marc.
>
> It turns out that your machine is just being smart and is synch-ing up
> with
> www.microsoft.com for any critical updates for your operating system.
>
> Thanks for your time,
>
> Celia
> Global Network Operations."
>
> I am still waiting for them to respond to my reply asking for a way to get
> my station back to its "dumb" state.
>
> ============================================================
> Marc Delince
> [EMAIL PROTECTED]
>
> -----Original Message-----
> From: [EMAIL PROTECTED] [SMTP:[EMAIL PROTECTED]]
> Sent: Thursday, February 17, 2000 4:25 PM
> To: [EMAIL PROTECTED]
> Subject: RealSecure Console traffic to Microsoft-Global-Net
>
>
> TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your message
> to
> [EMAIL PROTECTED] Contact [EMAIL PROTECTED] for help with any
> problems!
> --------------------------------------------------------------------------
> --
>
>
>
> In my lab while running down another problem in RealSecure with Microsoft
> encryption, I am seeing an outbound HTTP_Post event from my console
> machine
> whenever I communicate with an engine. Source port is 1406 (TCP)
> destination is
> 207.46.133.14 (HTTP). Info Type is URL, Value is /objects/ocget.dll,
> Partial ARIN listing for this address is:
>
> Microsoft (NETBLK-MICROSOFT-GLOBAL-NET)
> One Microsoft Way
> Redmond, WA 98052-6399
> US
>
> Netname: MICROSOFT-GLOBAL-NET
> Netblock: 207.46.0.0 - 207.46.255.255
>
>
> I haven't torn the packets down to check, but I would guess this is
> Microsoft's
> cert checking process. Can anyone confirm that and save me the trouble of
> running it down?
>
> I'll leave the ranting about how easy it might be to find a console on a
> network if my guess is correct to someone else.
>
> Ken Stephens, CISSP
> Sr. Security Manager
> CSC
>
>
>
>
>
>
>
>
>
>
>
>
>
Visit us at http://www.clearstream.net
IMPORTANT MESSAGE
Internet communications are not secure and therefore Clearstream International does not
accept legal responsibility for the contents of this message.
The information contained in this e-mail is confidential and may be legally
privileged. It is
intended solely for the addressee. If you are not the intended recipient, any
disclosure,
copying, distribution or any action taken or omitted to be taken in reliance on it, is
prohibited and may be unlawful. Any views expressed in this e-mail are those of the
individual sender, except where the sender specifically states them to be the views of
Clearstream International or of any of its affiliates or subsidiaries.
END OF DISCLAIMER
