
Conference noted::seal

Title: SEAL
Moderator: GALVIA::SMITH
Created: Mon Mar 21 1994
Last Modified: Fri Jun 06 1997
Last Successful Update: Fri Jun 06 1997
Number of topics: 1989
Total number of notes: 8209

1751.0. "File PUSH from inside firewall!" by CHEFS::AYLESBURY_L () Fri Jan 31 1997 12:48

    
I have a request from a customer asking for an audit trail of a file transfer 
through a firewall. He is concerned that people on the inside of the firewall 
can push files outside using an unlogged mechanism (unlike uuencoded files 
attached to mail messages that are logged in mail.log).

The method goes like this:

1 The customer connects to www.hotmail.com from his Netscape browser.
2 He logs into his hotmail account.
3 He composes a mail and then clicks the ATTACH button.
4 He then gets a pop-up window allowing him to select a local system file to 
  attach.
5 He selects a file and confirms the attachment.

The message can then be sent from the hotmail account with the file attached 
uuencoded.

The above works, as I have tested it, but I cannot find any record of the file 
being sent in any of the following log files: mail.log, ftpxd.log, proxy-log, 
cache-log, syslog, netaccess.log and kern.log.

Can anyone tell me what method is used to transfer the file from the local 
system to the remote system outside the firewall?

Les

1751.1. "SMTP - and the content is NOT logged ..." by QUICHE::PITT (Alph a ha is better than no VAX!) Wed Feb 05 1997 08:15 [6 lines]

    SMTP is used to transfer the file.  The mail logging on the firewall
    (or anywhere else) does not log anything about the content of the mail. 
    All it logs is the sender, recipient and number of bytes transferred,
    and things like that.
    
    T

1751.2. "Can't see any smtp logs!" by CHEFS::AYLESBURY_L () Thu Feb 06 1997 08:04 [15 lines]

    Tony,
    
    As far as I've been able to determine, the attachment process does not use
    SMTP to transfer the file. I ran tail -f mail.log and nothing gets
    entered. Where would it mail it to anyway?
    
    I suspect there is no record anywhere of this type of data transfer. I
    have tried it from within DEC and the files are sent to hotmail.com. I
    bet we don't log this either.
    
    Any ideas on how to turn logging on for this in httpd?
    
    Les
    
       
1751.3. "" by QUICHE::PITT (Alph a ha is better than no VAX!) Thu Feb 06 1997 08:29 [15 lines]

    In that case, I suspect that the mail is uploaded over http, using the
    WWW proxy, and the HotMail server then sends it out.  Most people think
    of WWW as a pull application only - that is to say my browser (client)
    pulls something from a server.  This is not a complete model.  There
    are a number of ways in which information can pass from the client to
    the server - the most obvious of these is filling in a form, but there
    are a number of others.
    
    Exactly as in the case of mail, there is nothing that will log the
    content.  There will simply be a record in the wwwproxy.log file that a
    browser connected to a particular URL.
    
    Can anyone be more precise as to what is happening here?
    
    T
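
Added example, not part of the thread and not code from the firewall product discussed: a sketch of the audit record a proxy could write if the browser attachment travels as an HTTP form-based file upload (a multipart/form-data POST, RFC 1867), which is an assumption the thread does not confirm. The function `audit_upload`, the host `webmail.example`, the client address and the request itself are all constructed for illustration.

```python
import hashlib
import re

# Constructed sample data: file bytes and the POST body a browser form would send.
SAMPLE_FILE = b"\x00\x01constructed file bytes\xff"
BOUNDARY = "----constructed-boundary"
SAMPLE_BODY = (
    f"--{BOUNDARY}\r\n"
    'Content-Disposition: form-data; name="subject"\r\n\r\n'
    "quarterly numbers\r\n"
    f"--{BOUNDARY}\r\n"
    'Content-Disposition: form-data; name="attach"; filename="budget.xls"\r\n'
    "Content-Type: application/octet-stream\r\n\r\n"
).encode() + SAMPLE_FILE + f"\r\n--{BOUNDARY}--\r\n".encode()
SAMPLE_HEADERS = {"Content-Type": f"multipart/form-data; boundary={BOUNDARY}"}


def audit_upload(client, method, url, headers, body):
    """Return one audit record per file part in a multipart/form-data POST."""
    ctype = headers.get("Content-Type", "")
    match = re.search(r'boundary="?([^";]+)"?', ctype)
    if method != "POST" or not ctype.lower().startswith("multipart/form-data") or not match:
        return []  # not a form-based upload, so nothing to record
    delimiter = b"\r\n--" + match.group(1).encode()
    records = []
    # Prefix CRLF so the first delimiter matches like every later one.
    for part in (b"\r\n" + body).split(delimiter)[1:]:
        if part.startswith(b"--"):  # closing delimiter "--boundary--"
            break
        head, _, data = part.partition(b"\r\n\r\n")
        name = re.search(rb'filename="([^"]*)"', head)
        if name is None:
            continue  # ordinary form field, not a file
        records.append({
            "client": client, "url": url,
            "filename": name.group(1).decode("latin-1"),
            "bytes": len(data),
            "sha256": hashlib.sha256(data).hexdigest(),
        })
    return records


if __name__ == "__main__":
    for rec in audit_upload("10.0.0.5", "POST", "http://webmail.example/compose",
                            SAMPLE_HEADERS, SAMPLE_BODY):
        print("upload client={client} url={url} file={filename} "
              "bytes={bytes} sha256={sha256}".format(**rec))
```

The record names the file and its hash without storing the content, which is the level of detail the URL-only proxy log described above does not provide.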