VOT: Tracking users

[Sam Carleton <sc...@miltonstreet.com>]

Gentleman,

This is VERY off topic, but it is a Q for guru's and when I think of
web guru's I think of my fellow apache module developer.  If I am
totally out of line asking this here, please be a kind sole and give
me some guidance as to where I should be asking this question, fore I
know not where to ask other then here...

There is this web site I like to frequent.  For some reason it has
blocked my main workstation from being aloud to post on it.  When I
login with the same user id/password on any other machine, including
virtual machines I am able to post with no problem.

Initially I thought it was blocking based on cookies.  But both IE7
and Firefox are blocked on the same box.  Then I thought it was
blocking based on IP address, but my current network is behind a
OpenBSD firewall running NAT and any other machine behind the firewall
is able to post just fine.  Then I thought it was something else that
was browser specific, until I just installed the Safari client on the
main workstation and the first attempt to post with that browser was
ALSO blocked!

I even when so far as to think it might be using both the firewall's
IP address and the internal IP address of the workstation, so I
changed the internal IP address, still blocked, even though virtual
machines and other real machines behind the firewall/NAT server post
just fine.

So I am completed stumped,  how is this site blocking my one
workstation?  What piece of info being sent to the web server by all
three browsers that is a common, unique per OS instance?

Oh, I am running Win XP SP2.

Sam

Re: VOT: Tracking users

[Joe Lewis <jo...@joe-lewis.com>]

Sam Carleton wrote:
> There is this web site I like to frequent.  For some reason it has
> blocked my main workstation from being aloud to post on it.  When I
> login with the same user id/password on any other machine, including
> virtual machines I am able to post with no problem.
>
> Initially I thought it was blocking based on cookies.
[snip]
> Then I thought it was blocking based on IP address, but my current
> network is behind a OpenBSD firewall running NAT and any other machine
> behind the firewall is able to post just fine.
[snip]
> Then I thought it was something else that was browser specific, until
> I just installed the Safari client on the main workstation and the
> first attempt to post with that browser was
> ALSO blocked!
You did well, Sam : butter us up before asking an OT question.  The best
source of help is your internal IT staff (your own network guys).  But,
just so a "help" for this kind of thing exists in the mailing list
archives, here is the OT path to "track" down the issue.  First, do the
workstations have proxies or are there transparent proxies on the
network?  Second, what is actually responding with the "blocked"
message?  Is it an accelerator or caching server?

Once you have answered those two questions, your next best friends are
tcpdump and ethereal (you won't have tcpdump on XPSP2).

I would suggest taking a network trace from each workstation (one that
works and one that doesn't) and compare the two.  You may find what you
are looking for.

(Just to keep this more on-topic - perhaps they have an apache module
doing some sort of digital signature - we should implement one of our own!).

Joe
-- 
Joseph Lewis <http://sharktooth.org/>
"Divide the fire, and you will sooner put it out." - Publius Syrus