[Dshield] Help decoding Hotmail URLs
Andy Hopkins (healthAlliance)
Andy.Hopkins at healthalliance.co.nz
Mon Jan 8 02:58:56 GMT 2007
Does anyone have any experience in decoding the Hotmail URLs as logged
by an M$ ISA server?
We have an e-mail sent from a Hotmail account, from internal to our
network, to a user on our network. I can see from proxy logs who was
accessing hotmail at the time, but need to break it down a bit further
before jumping on folks PC's.
Also, any happen to know if an entire Hotmail session is server by one
server or not? E.g. the first "Received" header is
Received: from 210.aa.b.ccc by by21fd.bay21.hotmail.msn.com with HTTP;
Sun, 07 Jan 2007 22:09:56 GMT
Would it be fair to say that the entire session would have been against
RHCE, GIAC/GSEC, GCFA
UNIX & IT Security Team Leader
DDL: (+64) (9) 487 1507
Mobile: (+64) (21) 285 2139
The views and information expressed in this e-Mail are actually mine,
because my wife says so!
Although, healthAlliance doesn't necessarily agree with me
This e-mail message and any accompanying attachments may contain information that is confidential and subject to legal privilege. If you are not the intended recipient, do not read, use, disseminate, distribute or copy this message or attachments. If you have received this message in error, please notify the sender immediately and delete this message.
More information about the list