Re: Keeping a particular intruder out
- From: "Roger Abell [MVP]" <mvpNoSpam@xxxxxxx>
- Date: Fri, 23 Jun 2006 22:37:08 -0700
Not a clean, neat built-in way that captures the correlation with
what is seen in the IIS logs, at least not that I know of. There
are ways to get the network stack view, but that is uncorrelated.
--
Roger Abell
Microsoft MVP (Windows Server : Security)
"Peter" <me@xxxxxxxxxxx> wrote in message
news:i8SdnRNR9571jgHZRVnytA@xxxxxxxxxxxx
"Roger Abell [MVP]" <mvpNoSpam@xxxxxxx> wrote in news:uwo7hjtlGHA.1240
@TK2MSFTNGP05.phx.gbl:
>> From where are you getting the IP? The IIS logs?
> Yes
>> IPsec uses the IP as actually in use, whereas the IP logged in
>> the IIS logs seems to be from the http headers. I have run into
>> this before when trying to subvert pests with IPsec barring rules
>> when apparently the originating machine is behind a NAT so
>> that there is an outer IP in actual use by the network stack
>> that you must determine in order to block with IPsec.
> So it seems.
> Thanks for replying...
> I can always fall back on to plan 'B' (which is a home-grown ISAPI filter
> on the 'mod_rewrite' principle) so it's not the end of the world, but can
> IPSEC (or any other IIS feature) be persuaded to part with the 'true' IP
> information I want?
> (2003 + SP1, if that is relevant)