Educause Security Discussion
mailing list archives
Re: capturing full URL information via DNS request logs
From: Rich Graves <rgraves () CARLETON EDU>
Date: Wed, 9 Oct 2013 15:40:44 -0500
Keep in mind that most browsers will prefetch DNS results for visible hyperlinks. This will give you false positives if
you're trying to figure out who clicked on malware/phishing links, for example. You need to join with
netflow/proxy/firewall/nat logs to be sure.
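
Added example, not part of the original message: one way to do the join described above, labelling each DNS lookup of a watchlisted name as a confirmed connection or a lookup only (which is what a browser prefetch looks like). The tuple layouts, the 30-second window and all sample records are constructed assumptions; it also assumes both logs record the client's pre-NAT address and that clients connect directly rather than through a proxy.

```python
from bisect import bisect_left
from collections import defaultdict

# Constructed sample data (not from the original post).
# DNS log: (epoch_seconds, client_ip, queried_name, answer_ip)
DNS_LOG = [
    (1000, "10.1.1.5", "phish.example", "203.0.113.7"),
    (1002, "10.1.1.9", "phish.example", "203.0.113.7"),
    (1003, "10.1.1.9", "www.example.org", "198.51.100.4"),
    (5000, "10.1.1.5", "phish.example", "203.0.113.7"),
]
# Flow log: (epoch_seconds, src_ip, dst_ip, dst_port)
FLOW_LOG = [
    (1001, "10.1.1.5", "203.0.113.7", 80),
    (1004, "10.1.1.9", "198.51.100.4", 443),
]
WATCHLIST = {"phish.example"}


def classify_lookups(dns_log, flow_log, watchlist, window=30):
    """Label each watchlisted lookup 'connected' or 'lookup_only'.

    A lookup is 'connected' only if the same client opened a flow to the
    resolved address within `window` seconds after the DNS answer.
    """
    # Index flow timestamps by (client, destination) for fast range checks.
    flows = defaultdict(list)
    for ts, src, dst, _port in flow_log:
        flows[(src, dst)].append(ts)
    for times in flows.values():
        times.sort()

    results = []
    for ts, client, qname, answer in dns_log:
        if qname.lower().rstrip(".") not in watchlist:
            continue
        times = flows.get((client, answer), [])
        i = bisect_left(times, ts)  # first flow at or after the lookup
        hit = i < len(times) and times[i] - ts <= window
        results.append((ts, client, qname, "connected" if hit else "lookup_only"))
    return results


if __name__ == "__main__":
    for row in classify_lookups(DNS_LOG, FLOW_LOG, WATCHLIST):
        print(row)
```

Lookups labelled lookup_only are candidates for prefetch and should not be counted as clicks without further evidence.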