[Dshield] Slightly OT - Possible MS Patch Side-effects

rsclark@kingwoodcable.net rsclark at kingwoodcable.net
Thu Sep 25 16:08:20 GMT 2003

Hello all, 

I have an issue where I work and I hope that someone else is seeing
something similar. 

Where I work we have a mix of MS clients (XP/2000) and we have implemented
new proxy servers from WebMarshal to filter and AV scan all http and ftp
traffic. All has been working fine. A couple of weeks ago, we were up here
patching our systems against the newest slew of vulnerabilities, exploits
and worms. Since that time, I am seeing ftp traffic not go through the
proxy servers as it once did, but ignore the proxy directive for ftp
traffic and try to route directly through the firewall. The firewall drops
the traffic as it should. 

This worked before the patches were applied as I was able to pull the
latest version of FreeBSD from ftp.freebsd.org. Http traffic still goes
through the proxys just fine.

I watched with a sniffer between a test box and the proxys to determine if
the test box even made a call to the proxys while starting a ftp
connection. Nothing.  So I fired up Mozilla Firebird which has been on the
box before the patches were applied, setup the proxy settings, and sniffed
a connection back to ftp.freebsd.org. Worked as expected by going through
the proxys. I have also tried this on systems not in our AD domain, same
thing. I have called NetIQ (which now owns WebMarshal) and determined that
it is not the proxy servers. 

So now to the $64,000 question: What in the last round of patches causes IE
to ignore the directive to route all ftp traffic through a proxy? If anyone
else is seeing this sort of weirdness, please comment. If anyone has any
idea of another, more appropriate forum, please point me there. 

Ron Clark

mail2web - Check your email from the web at
http://mail2web.com/ .

More information about the list mailing list