OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: Ralph Los (RLosenteredge.com)
Date: Thu Apr 04 2002 - 10:30:57 CST

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    Open up a packet sniffer, and track which ports are being used by the IIS
    box out-bound to the client(s). Also...open all ports on the IIS box, and
    set up a program like TCPView, or use Netstat to see the incoming
    connections from the IIS box --> client, and thus isolate your issue that
    way.

    There are a bunch of ways to go about this, most of them involve being at
    either one end of the conversation or the other, or both

    Cheers, post your findings, k?

    ----------------------------------------|
    Ralph M. Los
    Sr. Security Engineer and Trainer
              EnterEdge Technology, L.L.C.
              rlosenteredge.com
              (770) 955-9899 x.206
    ----------------------------------------|

    ::-----Original Message-----
    ::From: volkovskbkontur.ru [mailto:volkovskbkontur.ru]
    ::Sent: Wednesday, April 03, 2002 12:13 PM
    ::To: focus-mssecurityfocus.com
    ::Subject: A question regarding the way how IIS gets the CRL's
    ::
    ::
    ::Hello all,
    ::We have created some web-based application and installed it
    ::for the customer; It is running on IIS 5.0 - thus W2K. Now,
    ::all the clients are allowed to work with this application if
    ::and only if they have a client certificate; only the port 443
    ::is open. So this web-server supports only HTTPS. The problem
    ::is as following: we also run the Certification Authority at
    ::our office, and with its help we distribute the certificates
    ::for that web-application. Thus, we also publish the CRL's
    ::every month on our server, and the IIS at the customer's
    ::knows, where it is to look for the CRL's. But - the port 443
    ::is not enough for it, and also if we open the port 80 it
    ::still rejects all the client's certificates, saying that it
    ::is not able to check the CRL. Though, if we open all ports at
    ::the customer's service, it is able to check the CRL - and the
    ::client's certificate. Therefore we suppose, that IIS uses
    ::some special port or some special way to get the CRL from a
    ::remote CA. But we were not able to figure out, which way? Can
    ::anyone help? Thank you,
    ::
    ::Leonid Volkov
    ::
    ::*********************
    ::IT Lab, SKB Kontur, Ekaterinburg, Russia
    ::volkovskbkontur.ru
    ::http://otchet.skbkontur.ru
    ::http://www.skbkontur.ru
    ::+007(3432)343446
    ::
    ::