Ever heard of crl.microsoft.com ?

Discussion in 'other security issues & news' started by Detector, Sep 7, 2004.

Thread Status:
Not open for further replies.
  1. Detector

    Detector Registered Member

    Joined:
    Sep 7, 2004
    Posts:
    1
    Hi all,

    Over the last few months I have noticed Something odd with my Internet Explorer. When I first open IE after about 30 seconds it stops responding for roughly 15 seconds then starts working for about 5 seconds then stops again for about 5 seconds where I notice the cursor goes to an hourglass briefly.

    There seems to be no odd running tasks, but during this spaz-time I send a syn_sent to crl.microsoft.com I know this because I have a program I have written that shows connected ports, and who's connected from where.

    My Computer(during this spaz) seems to be trying to send a request to this crl.microsoft.com on port 80, then quickly disappears. I have tried to find info on this site but have found nothing.

    Any ideas?

    Thanks
     
  2. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,873
    Location:
    New England
    While I'm unsure what is causing the initial spaz-effect in the first place, connections to crl.microsoft.com are not a problem. That is Microsoft's certificate authority server (CRL stands for "Certificate Revocation List"), which is used to verify whether the certificate for an application (or website) is legitimate or not. Microsoft applications have certificates associated with them and they can be check for validity at crl.microsoft.com.

    Here's a relate thread:

    https://www.wilderssecurity.com/showthread.php?t=15867

    Here's a basic definition for CRL in general terms. You can search Google using "Certificate Revocation List" and find a lot more information.

    http://encyclopedia.thefreedictionary.com/Certificate Revocation List

    Now, you could try disabling the check in IE for "publisher's" certificate revocation, that is probably what's causing these particular connections. (IE > Tools menu > Internet Options... > Advanced tab > scroll down to Security section and look for "Check for publisher's certificate revocation" - is it checked?)

    However, I have that option checked as well as the one below it ("Check for server certificate revocation") because I want checks done for revoked certificates. (The second option validates the certificates exchanged when a browser connects to an https based webpage. Most of those checks go to crl.verisign.com, or one of a few other Certificate Authority servers.
     
Thread Status:
Not open for further replies.