e-upturn for 2005?
MOM is an amazingly useful piece of software and, at £399 for a ten-machine version, it represents good value. Obviously, we do not want to do a full review of the product in this column, but rather we would like to point out one interesting function that was never mentioned in the demonstrations and that we are sure will be of interest to our readers. The best way to explain is by telling this little story.
One day, Mark received an email from a visitor to one of the websites he hosts. This user was complaining that he couldn’t access the site, and after all the usual tests and asking the user the usual questions (browser type, firewall settings and so on), there was still no luck. Other users could access the site with no problem, which was all very strange. Mark then took a closer look at the properties of this website via the IIS MMC and noticed in the Permissions tab for the site that, while all users were granted access to the site, there was an exclusion list containing more than half-a-dozen IP addresses, which was equally strange. There was no obvious need for these, so Mark deleted them and emailed the user to try again, which he did and was able to access the website.
That was that, or so Mark thought. A few days later, he received emails from two other users complaining that they couldn’t access the website, so this time Mark went straight to the Properties page to look for any excluded IP addresses and, sure enough, there were a number of them there. They would come back, but how? On further investigation, it turns out that MOM has a script that detects strange activity from a user’s browser, which it assumes is a possible attack and automatically blocks that IP address. So efficient is this script that, while performing some security tests on one site, Mark got himself banned from his own site.
This is definitely a powerful demonstration of one of the capabilities of MOM, but we do wonder about the sense of blocking such an IP address permanently. Most people are assigned a dynamic IP address on login via DHCP so, while a rogue user would be blocked for that session, once they have logged off from their ISP and back in again they would be assigned a different IP address and so could access the site again. Meanwhile, some perfectly innocent party would be blocked if they were allocated that previously rogue address. We would also have liked a much clearer warning that these IP addresses were being blocked by MOM, as well as anything else the system might be doing. It is only fair to mention that this script (like all the others) can be switched off, or even edited as it is written in VBScript, so there is plenty of opportunity to fine-tune MOM. The system is certainly staying on Mark’s network, and we will be returning to this subject in a later column.