
Welcome to ISAserver.org


URL with and without readable information

All Forums >> [ISA 2006 Firewall] >> Logging and Reporting >> URL with and without readable information Page: [1]
URL with and without readable information - 27.Jan.2011 2:55:37 PM   
jtheboywonder

 

I have two questions really from the group:

1. Why is it that for some if not most communication you get a full URL string with CMD, USER, DEVICEID and DEVICETYPE, but on some connections you get a random (I am assuming encrypted or something) set of characters similar to kqcHjOrfaGqNims4ElJneBDcZLdYCU1A= ??? The username still shows, source and destinations still show, and activity still happens, but why is there no insight (unless you read code) on these connections? I am assuming this is a code reference because I can see a couple of patterns such as CU1A at the end of the strings and what appears to be an encoded username at the beginning, but how would you view this? Am I overlooking the obvious?

2. With that in mind, I think I am getting an error by certain devices when they attempt to make a connection but wait too long (maybe this is a device setting) all of which have a higher than average processing time (although there are longer connections that are successful) and all of which have the randomized character string as described above, and give a failed connection attempt of 10054 as listed below? Any ideas on the source of the error and how to see if it really is a problem or an expected behavior?

Log type: Web Proxy (Reverse)
Status: 10054 An existing connection was forcibly closed by the remote host.
Rule: ActiveSync for mobileUsersRule
Source: External (xxx.xxx.xxx.xxx)
Destination: (xxx.xxx.xxx.xxx:443)
Request: POST http://aserver.com/Microsoft-Server-ActiveSync?UAwF4MCQi9DVbHYhfIIrwBGHGbosCU1A=
Filter information: Req ID: 119a25e2; Compression: client=Yes, server=No, compress rate=0% decompress rate=0%
Protocol: https
User: (LDAP)username

Additional information
Client agent:
Object source: Internet (Source is the Internet. Object was added to the cache.)
Cache info: 0x8 (Request includes the AUTHORIZATION header.)
Processing time: 68437 ms
MIME type:
Post #: 1
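
Added example, not part of the original post and not ISA Server code: a log-review helper that turns an ActiveSync `Request:` URL of either kind into readable fields. It assumes the opaque query is the base64-encoded query value laid out in Microsoft's MS-ASHTTP specification (version byte, command code, locale, then length-prefixed device ID, policy key and device type); the function names, the command-code subset and the sample request are constructed here, and the sample ends in the same `CU1A=` the post mentions because its device type is the 2-byte string `SP`.

```python
import base64
import struct
from urllib.parse import parse_qs, unquote, urlsplit

# Subset of command codes (assumption: values as published in MS-ASHTTP).
COMMANDS = {0: "Sync", 9: "FolderSync", 18: "Ping", 20: "Provision"}

def decode_eas_query(query):
    """Decode a base64 ActiveSync query value into its header fields."""
    raw = base64.b64decode(query, validate=True)
    if len(raw) < 4:
        raise ValueError("too short for an ActiveSync base64 query")
    version, cmd, locale = struct.unpack_from("<BBH", raw, 0)
    pos, fields = 4, []
    for name in ("device ID", "policy key", "device type"):
        # Each field is one length byte followed by that many bytes.
        if pos >= len(raw) or pos + 1 + raw[pos] > len(raw):
            raise ValueError("truncated before " + name)
        size = raw[pos]
        fields.append(raw[pos + 1:pos + 1 + size])
        pos += 1 + size
    device_id, policy_key, device_type = fields
    return {
        "Version": "%d.%d" % divmod(version, 10),
        "Cmd": COMMANDS.get(cmd, "code %d" % cmd),
        "Locale": "0x%04X" % locale,
        "DeviceId": device_id.hex().upper(),
        "PolicyKey": int.from_bytes(policy_key, "little") if policy_key else None,
        "DeviceType": device_type.decode("ascii", "replace"),
        "Params": raw[pos:].hex(),  # command parameters, left as raw hex
    }

def describe_request(url):
    """Return readable fields for either form of ActiveSync request URL."""
    query = unquote(urlsplit(url).query)
    if "=" in query.rstrip("="):  # plain-text form: key=value pairs
        return {k: v[0] for k, v in parse_qs(query).items()}
    return decode_eas_query(query)  # base64 form: '=' appears only as padding

# Constructed sample (not from the post): version 12.1 Ping, locale 0x0409,
# 16-byte device ID, 4-byte policy key, device type "SP".
SAMPLE_RAW = (bytes([121, 18, 0x09, 0x04, 16]) + bytes(range(0xA0, 0xB0))
              + bytes([4]) + (1234567890).to_bytes(4, "little") + b"\x02SP")
SAMPLE_URL = ("http://aserver.com/Microsoft-Server-ActiveSync?"
              + base64.b64encode(SAMPLE_RAW).decode())

if __name__ == "__main__":
    for key, value in describe_request(SAMPLE_URL).items():
        print("%-11s %s" % (key, value))
```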
