Armynet through a civi employers firewall/web monitoring

Good morning all,

I wonder if anyone can help me... my civilian employer has accused me of spending an excessive amount of time on as their web monitoring software has reported back to them that I have made over 2000 hits on the Armynet site in the space of 2 months.

I find this nothing short of unbelievable, as I might log on to the service once or twice a week to check my email, and then usually log back out. My concern is that perhaps sometimes I haven't logged out, and perhaps left a session logged in but running in the background on my pc. However, is there anyway that this could have accounted for quite so many web site hits?

I've emailed the guys at Armynet but unfortunately no response as yet. If anyone has any idea how this could happen or any information on what could be going on here, then I would much appreciate it as my civilian employers are taking a particularly dim view of this and I'm desperate to clear my name.

Many thanks,

The Armynet home page, like the BBC one, has a lot of components - each of which will show up as a separate hit on standard monitoring software. However, the times of access will be very close to each other (so you would get a lot of hits in a very short time, rather than spaced out over a period of hours - if you were sad enough to be spending lots of time there rather than here :D ). Ask to see the times of the hits.

Most of the site isn't Web 2.0 enabled so, apart from the news story flipper, leaving it active in the background isn't going to push page refreshes to you.
Their IT department need to get a grip - the idea of monitoring "hits" went out with the Ark. A single page used to be half a dozen hits per page. Now it can be a few hundred.

Ask them how many "visits" they have recorded. If they can't answer, you can't really be bollucked, if they do answer then it should say twice a week as you say.

Thank you so much for your replies (& PMs). This information is very helpful. To be fair to my boss, he doesn't seem to want to believe this either, but only has the unsubtantiated 'evidence' that IT have provided to go on.

Does anyone know how the BBC news website works? I've been told that as it auto-refreshes every 5 mins if you leave a session minimalised it scores a 'hit' for every refresh.
That would make sense, I also apparently scored several thousand hits on the Beeb too.

Is this an example of 'web 2.0' that Idrach referred to?
Ask to see the 'evidence'.

MSR - I have, and it is just a list of websites and the number of hits recorded over a 2 month period.

I'm fuming about it.

Quite a few of them are simply IP addresses that don't point to any site at the moment. I've tracked them down via the RIPE database and quite a few are owned by various IT service providers across Europe. Given that as part of my work I access various secure datarooms and webinars, I think it's all b*ll*cks.
Check your PMs
msr said:
Ask to see the 'evidence'.

Quite correct and discover what the tool is that they are using, something akin to Websense I would guess. Then find out how long it has been deployed for and ask to see the procedures for maintaining it's configuration and for controlling access to the software.

That should back foot them for a while.

These tools are usually the new toybox and are rarely if ever deployed correctly resulting in a wave of false positives. This causes all sorts of issues for HR who normally insist on it being reconfigured until it is useless.

The alternative is of course that you are wasting time at work. :)
Sparky71 said:
That would make sense, I also apparently scored several thousand hits on the Beeb too.

Is this an example of 'web 2.0' that Idrach referred to?
Nope - Web 2.0 is sites that continually autoupdate as long as they are active - Facebook, MySpace, Googlemail all count, eBay does it in certain conditions, as do lots of others. Normally running "Ruby on Rails" or Ajax, although some of the more corporate products are now getting there (WebSphere, I think).

Your problem with the Beeb news site is the same as with Armynet - each of the thumbnail images and graphic buttons is a separate HTTP download and a separate 'hit' - so you get on the order of 50 'hits' each time you look at the front page.

When I was running an incident response team and Zonealarm was the greatest thing since sliced bread, we regularly used to get calls from customers claiming that our website "had hacked them when they logged out". What actually happened was you were diverted to a very marketing heavy web-page, with 20+ images. The HTTP responses from the corporate web-server were interpreted as a port-scan - hence disgruntled customer and unsatisfactory (although completely true) explanation from us.
Just to update the few who may be interested. I fired up my local proxy server (if you don't know what that is, don't mind), logged on to Armynet, looked at the front page, the email page and opened one email.

This gave me a grand total of 167 HTTP and HTTPS requests - mostly GET, with a couple of POST for the single-sign on. So, depending on how 'they' were monitoring me, 30 seconds on Armynet could give you between 3 (SSO, Email list & email - my actual requests) to 167 (mostly small graphics) 'hits'.

Hopefully, sparky can get this sorted without too much wasted effort.
Does anyone know where I can find out more about Webmarshal and the BBC website? I'm curious to know if a minimized news page can generate webmarshal activity, i think it can, IT don't even want to answer the question. Links would be good


Many thanks for all your input on this. I now feel confident enough in my knowledge to tell 'em where to stick their IT monitoring reports should the need arise again.


Similar threads

Latest Threads