Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Windows Live\Hotmail Attachments Web Address

Posted on 2010-09-21
2
Medium Priority
?
640 Views
Last Modified: 2012-05-10
Hotmail\Windows Live Attachments ('download' rather than 'view online') are filtered by my proxy server because of a rule I have set. Can anyone tell me what address is actually trying to be accessed when users click on 'download' next to an attachment?

I have many hundred rules deny accessing to domain names, wildcard rules etc etc.

Thanks
0
Comment
Question by:Pete
2 Comments
 
LVL 8

Accepted Solution

by:
Nothing_Changed earned 1000 total points
ID: 33753828
very very very broad question, this could be totally off, but I'll take a swing.

I think the simplest solution would be to connect a system outside your proxy, or put in a temporary bypass rule for one host. Connect to the desired site, download the attachment, while at the same time running a command prompt command of (assuming windows here) "netstat -a | findstr ESTAB". you may need to run it a few times, keep in mind that many connections are very transient so you might miss it the first time.

you will see a list like this:
 TCP    cmt-d630:2333          216.66.8.203:http      ESTABLISHED
 TCP    cmt-d630:2338          LB140.ASHB.COTENDO.NET:http  ESTABLISHED
 TCP    cmt-d630:2339          LB140.ASHB.COTENDO.NET:http  ESTABLISHED
 TCP    cmt-d630:2341          slashdot.org:http      ESTABLISHED
 TCP    cmt-d630:2343          a96-16-83-172.deploy.akamaitechnologies.com:http  ESTABLISHED
 TCP    cmt-d630:2346          a96-16-83-172.deploy.akamaitechnologies.com:http  ESTABLISHED

(ignore all of the connections to localhost, those aren't likely to be part of your problem)

look thru the list of connections that your download session spawned (not just host names but ports too, maybe its a weird port or ftp or something), then compare this list to your log in your proxy. You should be logging everything getting blocked, so you should see something in your block list that matches your netstat output, and that will be your culprit.

If you don't see anything in your proxy log, then it's probably a firewall rule blocking something. Use the same log review process and you'll find your culprit.
0
 
LVL 1

Author Closing Comment

by:Pete
ID: 33778468
closed
0

Featured Post

Cyber Threats to Small Businesses (Part 1)

This past May, Webroot surveyed more than 600 IT decision-makers at medium-sized companies to see how these small businesses perceived new threats facing their organizations.  Read what Webroot CISO, Gary Hayslip, has to say about the survey in part 1 of this 2-part blog series.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Introduction As you’re probably aware the HTTP protocol offers basic / weak authentication, which in combination with the relevant configuration on your web server, provides the ability to password protect all or part of your host.  If you were not…
This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
In a question here at Experts Exchange (https://www.experts-exchange.com/questions/29062564/Adobe-acrobat-reader-DC.html), a member asked how to create a signature in Adobe Acrobat Reader DC (the free Reader product, not the paid, full Acrobat produ…
When cloud platforms entered the scene, users and companies jumped on board to take advantage of the many benefits, like the ability to work and connect with company information from various locations. What many didn't foresee was the increased risk…

824 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question