RE: Some abnormal behavior when opening excel and word files ..

["Mike Molloy" <mmolloy () coenholdings ie>]

IE 5.5 does not automatically check revocation lists, however when I
upgraded to IE6 SP1 this was automatically selected and amounted to a
considerable amount of traffic being stopped by our proxy service until
I turned it off.

Regards
Mike Molloy
IT Supervisor


-----Original Message-----
From: Chad [mailto:ncm () xs4all nl] 
Sent: 09 January 2004 10:36
To: security-basics () securityfocus com
Subject: RE: Some abnormal behavior when opening excel and word files ..


> When the PC is connected to the LAN, opening local Excel and Word
files
> take abnormally long time .. disabling the AV does not make a
difference
> .. and a lot of SYNs are shown to the Verisign IPs of crl.verisign.com
..
> 198.49.161.200 - 198.49.161.205 - 198.49.161.206

I have been seeing this as well on my XP Box, and may be wrong, but it
looks
like it has something to do with some kind of "certificate revocation
list"?

The only way I could so far find to switch it off is to go to IE Tools->
Internet Options-> Advanced, turn off the options that check for the
CRL,
e.g.. "Check for Publisher's CRL", "Check for Server's CRL", and "Warn
about
site certificates" BUT I =don't= want to do this, as the check in my
view is
needed for IE.

What annoys me the most is that this outbound checks happens everywhere
you
go; Windows explorer, Word, Excel, MS Project ...

The amount of traffic this generates with ordinary PC usage is enormous
and
automatically happens when you're online. I'd hate to be a dial-up user!
Oh
yeh, and if you block it using your firewall, opening anything that
makes
this request makes you wait until it times out...

It all started after installing a MS Update .. I have however not yet
found
the time to look at which one exactly. Anyone else maybe?

-Chad




------------------------------------------------------------------------
---
Ethical Hacking at InfoSec Institute. Mention this ad and get $720 off
any 
course! All of our class sizes are guaranteed to be 10 students or less.

We provide Ethical Hacking, Advanced Ethical Hacking, Intrusion
Prevention, 
and many other technical hands on courses. 
Visit us at http://www.infosecinstitute.com/securityfocus to get $720
off 
any course!  
------------------------------------------------------------------------
----


#####################################################################################
Note:
This message is for the named person's use only.  It may contain confidential,
proprietary or legally privileged information.  No confidentiality or privilege
is waived or lost by any mistransmission.  If you receive this message in error,
please immediately delete it and all copies of it from your system, destroy any
hard copies of it and notify the sender.  You must not, directly or indirectly,
use, disclose, distribute, print, or copy any part of this message if you are not
the intended recipient. Coen Holdings Ltd. and any of its subsidiaries each reserve
the right to monitor all e-mail communications through its networks.

Any views expressed in this message are those of the individual sender, except where
the message states otherwise and the sender is authorized to state them to be the
views of any such entity.

Thank You.
#####################################################################################

---------------------------------------------------------------------------
Ethical Hacking at InfoSec Institute. Mention this ad and get $720 off any 
course! All of our class sizes are guaranteed to be 10 students or less. 
We provide Ethical Hacking, Advanced Ethical Hacking, Intrusion Prevention, 
and many other technical hands on courses. 
Visit us at http://www.infosecinstitute.com/securityfocus to get $720 off 
any course!  
----------------------------------------------------------------------------