Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security ISSForum
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [ISSForum] HTTP_Proxy_Cache_Poisoning ?

from [Lorentz, Brian] Network Security [Permanent Link]
Subject: Re: [ISSForum] HTTP_Proxy_Cache_Poisoning ?
Date: Thu, 27 Oct 2005 08:25:04 -0700 

Hic,

We had this problem but it was with the majority of our Proventia
Desktops.  The issue was related to Microsoft SUS updates, and manual
windows updates to some extent.  All of our desktops' SUS windows
updates were being blocked by the Proventia Desktop.  This problem
started a few months back and continued until we added an exception in
the policy for HTTP_Proxy_Cache_Poisoning  

To solve this problem, we had to create a rule that trusted "myself" for
Event ID 2116017 (HTTP_Proxy_Cache_Poisoning).

You may want to look at the windows update process on your server first.

Good luck,
- Brian


-----Original Message-----
From: issforum-bounces@iss.net [mailto:issforum-bounces@iss.net] On
Behalf Of hic sonni
Sent: Sunday, October 23, 2005 6:52 AM
To: issforum@iss.net
Subject: [ISSForum] HTTP_Proxy_Cache_Poisoning ?


Hi All,

Hi All,
We've a Web Site (based on IIS) behind a firewall,a
Server Sensor is installed on that Server, I am
getting the event :

"HTTP_Proxy_Cache_Poisoning" , and the Status is :
"Failed attack (blocked at host)" 

The thing that I find abnormal: is that this event is
from the Local Server to the Internet, (Inside-->
outside), more, we  have neither a Proxy behind the
machine nor a proxy is installed on the Server,  

My question is: 

Why I ma getting "Failed attack (blocked at host)"
since the event (attack) is outgoing from the Server? 

I remarked that the access to our site is somehow
slow,  does the BLOKE action involve it?



Thanks
Hic Sonni


                
__________________________________ 
Yahoo! FareChase: Search multiple travel sites in one click.
http://farechase.yahoo.com


_______________________________________________
ISSForum mailing list
ISSForum@iss.net

TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to
https://atla-mm1.iss.net/mailman/listinfo/issforum

To contact the ISSForum Moderator, send email to mod-issforum@iss.net

The ISSForum mailing list is hosted and managed by Internet Security
Systems, 6303 Barfield Road, Atlanta, Georgia, USA 30328.


_______________________________________________
ISSForum mailing list
ISSForum@iss.net

TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to 
https://atla-mm1.iss.net/mailman/listinfo/issforum

To contact the ISSForum Moderator, send email to mod-issforum@iss.net

The ISSForum mailing list is hosted and managed by Internet Security Systems, 
6303 Barfield Road, Atlanta, Georgia, USA 30328.
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [ISSForum] Network Sensor Problem, Jeff Ames
Next by Date:  Re: [ISSForum] Server Sensors that just die, CAUSEY, David
Previous by Thread:  [ISSForum] HTTP_Proxy_Cache_Poisoning ?, hic sonni
Next by Thread:  [ISSForum] Internet Scanner 7.2 problem with vuln scans needing admin priviledge, holger . reichert
Indexes:  [Date] [Thread] [Top] [All Lists]