Home page logo
/

educause logo Educause Security Discussion mailing list archives

Re: capturing full URL information via DNS request logs
From: John Ladwig <John.Ladwig () SO MNSCU EDU>
Date: Thu, 10 Oct 2013 17:22:38 +0000

Seems like that's still what ASA's do.  We haven't made a full analysis of their behavior, and thus we don't have what 
you would call a solution.

The existing behavior suffices to handle enough of our use-cases  (malware downloads and bot activity &c) to keep us 
more than busy.

   -jml

-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Philip 
Webster
Sent: Wednesday, October 09, 2013 7:27 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] capturing full URL information via DNS request logs

On 10/10/2013 08:03, John Ladwig wrote:
Cisco's ASA firewall line also logs http URIs at Informational priority.

We looked at the ASA a while back and it seemed that it would only log
the first URI in a connection. So we could see that a user went to
http://www.google.com/, for example, however if they maintained a
persistent HTTP connection then we wouldn't see the following search
requests.

Have you encountered this, and if so are you aware of a solution?
-- 
Philip Webster
Senior IT Security Engineer | Queensland University of Technology


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]