[squid-users] Squid squid3-3.0.STABLE10-2.11, IE7/IE8, Microsoft Applications

From: Walter Cuestas <wcuestas_at_open-sec.com>
Date: Wed, 30 Sep 2009 21:05:07 -0500

Hi, in short :

Every time a user clicks on a link in a MS Office document or selects some
Internet related app (like MS Windows Media Player), the user is forced to
re-authenticate (a popup window appears).

We have tested using Firefox instead of IE7/IE8 and the same happens, but, if
we use OpenOffice.org and Firefox in the same machines, no
re-authentication is required. So, it seems this is a MS related problem
with Squid. (Time and resource usage related stuff has been tested and
is not the source of this problem).

The authentication uses the basic one (not NTLM) and goes to an Active
Directory.

Any clue about it will help us a lot!

Thanks in advance.

PS: Some extracts from access.log:

127.0.0.1 - smedina [30/Sep/2009:16:40:39 -0500] "GET
http://ads1.msn.com/library/dap.js HTTP/1.0" 304 375 TCP_IMS_HIT:NONE
127.0.0.1 - smedina [30/Sep/2009:16:40:39 -0500] "GET
http://rad.msn.com/ADSAdClient31.dll? HTTP/1.0" 403 1522 TCP_DENIED:NONE
127.0.0.1 - smedina [30/Sep/2009:16:40:40 -0500] "GET
http://c.microsoft.com/trans_pixel.asp? HTTP/1.0" 200 593 TCP_MISS:DIRECT
127.0.0.1 - smedina [30/Sep/2009:16:40:40 -0500] "GET
http://m.webtrends.com/dcs8kzhcc00000ww68ffquzt0_6o5q/dcs.gif? HTTP/1.0"
200 716 TCP_MISS:DIRECT
127.0.0.1 - smedina [30/Sep/2009:16:40:40 -0500] "GET
http://js.microsoft.com/library/svy/broker-config.js? HTTP/1.0" 200 2766
TCP_MISS:DIRECT
127.0.0.1 - smedina [30/Sep/2009:16:40:40 -0500] "GET
http://m.webtrends.com/dcs8kzhcc00000ww68ffquzt0_6o5q/dcs.gif? HTTP/1.0"
200 716 TCP_MISS:DIRECT
127.0.0.1 - smedina [30/Sep/2009:16:40:42 -0500] "GET
http://go.microsoft.com/fwlink/? HTTP/1.0" 302 659 TCP_MISS:DIRECT
127.0.0.1 - smedina [30/Sep/2009:16:40:43 -0500] "GET
http://catalog.update.microsoft.com/ HTTP/1.0" 302 565 TCP_MISS:DIRECT
127.0.0.1 - smedina [30/Sep/2009:16:40:43 -0500] "GET
http://catalog.update.microsoft.com/v7/site HTTP/1.0" 301 575
TCP_MISS:DIRECT
127.0.0.1 - smedina [30/Sep/2009:16:40:43 -0500] "GET
http://catalog.update.microsoft.com/v7/site/ HTTP/1.0" 200 15257
TCP_MISS:DIRECT
127.0.0.1 - smedina [30/Sep/2009:16:40:43 -0500] "GET
http://catalog.update.microsoft.com/v7/site/Style/catalog.css HTTP/1.0"
304 316 TCP_IMS_HIT:NONE
127.0.0.1 - smedina [30/Sep/2009:16:40:44 -0500] "GET
http://catalog.update.microsoft.com/v7/site/Script/CommonTypes.js?
HTTP/1.0" 304 397 TCP_MISS:DIRECT
127.0.0.1 - smedina [30/Sep/2009:16:40:44 -0500] "GET
http://catalog.update.microsoft.com/v7/site/SiteConstants.aspx? HTTP/1.0"
200 13094 TCP_MISS:DIRECT
127.0.0.1 - smedina [30/Sep/2009:16:40:44 -0500] "GET
http://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?
HTTP/1.0" 200 1609 TCP_MISS:DIRECT
127.0.0.1 - smedina [30/Sep/2009:16:40:45 -0500] "GET
http://catalog.update.microsoft.com/v7/site/Install.aspx HTTP/1.0" 200
18118 TCP_MISS:DIRECT
127.0.0.1 - smedina [30/Sep/2009:16:40:45 -0500] "GET
http://catalog.update.microsoft.com/v7/site/SiteConstants.aspx? HTTP/1.0"
200 13094 TCP_MISS:DIRECT
127.0.0.1 - smedina [30/Sep/2009:16:40:45 -0500] "GET
http://catalog.update.microsoft.com/v7/site/Script/MasterComponents.js?
HTTP/1.0" 304 397 TCP_MISS:DIRECT
127.0.0.1 - smedina [30/Sep/2009:16:40:45 -0500] "GET
http://catalog.update.microsoft.com/v7/site/Images/decor_BigUpArrow_head.gif
HTTP/1.0" 304 317 TCP_IMS_HIT:NONE
127.0.0.1 - smedina [30/Sep/2009:16:40:45 -0500] "GET
http://catalog.update.microsoft.com/v7/site/Images/decor_BigUpArrow_trunk.gif
HTTP/1.0" 304 317 TCP_IMS_HIT:NONE
127.0.0.1 - smedina [30/Sep/2009:16:40:45 -0500] "GET
http://catalog.update.microsoft.com/v7/site/Images/decor_BigUpArrow_stem.gif
HTTP/1.0" 304 317 TCP_IMS_HIT:NONE
127.0.0.1 - smedina [30/Sep/2009:16:40:45 -0500] "GET
http://catalog.update.microsoft.com/v7/site/Images/spacer.gif HTTP/1.0"
304 317 TCP_IMS_HIT:NONE
127.0.0.1 - smedina [30/Sep/2009:16:40:45 -0500] "GET
http://catalog.update.microsoft.com/v7/site/Images/bg_YellowGradient.gif
HTTP/1.0" 304 317 TCP_IMS_HIT:NONE
127.0.0.1 - smedina [30/Sep/2009:16:40:45 -0500] "GET
http://catalog.update.microsoft.com/v7/site/Images/bg_BigGlobe.jpg
HTTP/1.0" 304 318 TCP_IMS_HIT:NONE
127.0.0.1 - smedina [30/Sep/2009:16:40:46 -0500] "GET
http://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?
HTTP/1.0" 200 72747 TCP_MISS:DIRECT
127.0.0.1 - - [30/Sep/2009:16:40:46 -0500] "GET
http://crl.microsoft.com/pki/crl/products/CodeSignPCA2.crl HTTP/1.0" 407
2039 TCP_DENIED:NONE
127.0.0.1 - smedina [30/Sep/2009:16:40:51 -0500] "GET
http://catalog.update.microsoft.com/v7/site/Install.aspx HTTP/1.0" 200
18118 TCP_MISS:DIRECT
127.0.0.1 - smedina [30/Sep/2009:16:40:51 -0500] "GET
http://catalog.update.microsoft.com/v7/site/Style/catalog.css HTTP/1.0"
304 316 TCP_IMS_HIT:NONE
127.0.0.1 - smedina [30/Sep/2009:16:40:51 -0500] "GET
http://catalog.update.microsoft.com/v7/Site/WebResource.axd? HTTP/1.0" 304
439 TCP_MISS:DIRECT
127.0.0.1 - smedina [30/Sep/2009:16:40:51 -0500] "GET
http://catalog.update.microsoft.com/v7/Site/ScriptResource.axd? HTTP/1.0"
304 439 TCP_MISS:DIRECT
127.0.0.1 - smedina [30/Sep/2009:16:40:52 -0500] "GET
http://catalog.update.microsoft.com/v7/site/Script/CommonTypes.js?
HTTP/1.0" 304 397 TCP_MISS:DIRECT
127.0.0.1 - smedina [30/Sep/2009:16:40:52 -0500] "GET
http://catalog.update.microsoft.com/v7/site/Script/MasterComponents.js?
HTTP/1.0" 304 396 TCP_MISS:DIRECT
127.0.0.1 - smedina [30/Sep/2009:16:40:52 -0500] "GET
http://catalog.update.microsoft.com/v7/Site/ScriptResource.axd? HTTP/1.0"
200 23939 TCP_MISS:DIRECT
127.0.0.1 - smedina [30/Sep/2009:16:40:52 -0500] "GET
http://catalog.update.microsoft.com/v7/site/SiteConstants.aspx? HTTP/1.0"
200 13094 TCP_MISS:DIRECT
127.0.0.1 - smedina [30/Sep/2009:16:40:52 -0500] "GET
http://catalog.update.microsoft.com/v7/site/Images/decor_BigUpArrow_head.gif
HTTP/1.0" 304 317 TCP_IMS_HIT:NONE
127.0.0.1 - smedina [30/Sep/2009:16:40:52 -0500] "GET
http://catalog.update.microsoft.com/v7/site/Images/decor_BigUpArrow_stem.gif
HTTP/1.0" 304 317 TCP_IMS_HIT:NONE
127.0.0.1 - smedina [30/Sep/2009:16:40:52 -0500] "GET
http://catalog.update.microsoft.com/v7/site/Images/spacer.gif HTTP/1.0"
304 317 TCP_IMS_HIT:NONE
127.0.0.1 - smedina [30/Sep/2009:16:40:52 -0500] "GET
http://catalog.update.microsoft.com/v7/site/Images/decor_BigUpArrow_trunk.gif
HTTP/1.0" 304 317 TCP_IMS_HIT:NONE
127.0.0.1 - smedina [30/Sep/2009:16:40:53 -0500] "GET
http://catalog.update.microsoft.com/v7/site/Images/bg_BigGlobe.jpg
HTTP/1.0" 304 318 TCP_IMS_HIT:NONE
127.0.0.1 - smedina [30/Sep/2009:16:40:53 -0500] "GET
http://catalog.update.microsoft.com/v7/site/Images/bg_YellowGradient.gif
HTTP/1.0" 304 317 TCP_IMS_HIT:NONE
127.0.0.1 - smedina [30/Sep/2009:16:40:54 -0500] "GET
http://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?
HTTP/1.0" 200 72747 TCP_MISS:DIRECT

---
Walter Cuestas Agramonte,
Certified | Ethical Hacker (C|EH)
SANS/GIAC Certified Penetration Tester (GPEN)
Gerente General
Phone : 511-997926168
Ethical Hacking/Forensics/InfoSec
http://www.open-sec.com
http://ehopen-sec.blogspot.com/
Received on Thu Oct 01 2009 - 02:05:34 MDT
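
The extract above contains one entry logged as 407 TCP_DENIED with no username (the crl.microsoft.com request), next to a 403 TCP_DENIED that does carry a username. The following is an added example, not part of the original message: it rejoins the mail-wrapped log lines and lists the requests Squid logged without credentials, so the URLs behind a proxy authentication challenge can be picked out of a longer log. The function names are illustrative, and the sample entries are copied from the extract.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Three entries copied from the extract above, still wrapped as in the mail.
SAMPLE = """\
127.0.0.1 - smedina [30/Sep/2009:16:40:46 -0500] "GET
http://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?
HTTP/1.0" 200 72747 TCP_MISS:DIRECT
127.0.0.1 - - [30/Sep/2009:16:40:46 -0500] "GET
http://crl.microsoft.com/pki/crl/products/CodeSignPCA2.crl HTTP/1.0" 407
2039 TCP_DENIED:NONE
127.0.0.1 - smedina [30/Sep/2009:16:40:39 -0500] "GET
http://rad.msn.com/ADSAdClient31.dll? HTTP/1.0" 403 1522 TCP_DENIED:NONE
"""

# Field layout as seen in the extract: client, ident, user, [time],
# "request", HTTP status, size, Squid result code:hierarchy code.
ENTRY = re.compile(
    r'^(?P<client>\S+) (?P<ident>\S+) (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<url>\S+) (?P<proto>[^"]+)" '
    r'(?P<status>\d{3}) (?P<size>\d+) (?P<squid>\S+):(?P<hier>\S+)$'
)
STARTS_ENTRY = re.compile(r'^\S+ \S+ \S+ \[')

def unwrap(text):
    """Rejoin entries that the mail client wrapped across several lines."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if STARTS_ENTRY.match(line) or not entries:
            entries.append(line)          # a new log entry begins here
        else:
            entries[-1] += " " + line     # continuation of the previous one
    return entries

def parse(text):
    """Yield one dict per entry that matches the expected layout."""
    for entry in unwrap(text):
        m = ENTRY.match(entry)
        if m:
            yield m.groupdict()

def auth_challenges(text):
    """Entries logged as 407 with no username (request not authenticated)."""
    return [e for e in parse(text) if e["status"] == "407" and e["user"] == "-"]

def challenged_hosts(text):
    """Count unauthenticated 407 entries per destination host."""
    return Counter(urlsplit(e["url"]).hostname for e in auth_challenges(text))
```

The 403 entry is not reported: it carries a username, so it is an access-control denial rather than an authentication challenge.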
