Security Basics mailing list archives
Re: Investigation- Web pages visited
From: Mark Owen <mr.markowen () gmail com>
Date: Fri, 4 Nov 2005 21:56:07 -0500
On 11/2/05, Steve Barron <thurgoodj187 () hotmail com> wrote:
> Hi, I am trying to investigate some possible corporate policy violations, mostly involving porn. My IDS matches rules for certain criteria and looks for banned words in HTML. When I get the IP, I can query it, but most of the time I get info about a hosting provider. When I attempt to access the IP http://155.X.X.X I get either some generic page or a 404 error. Is there any way to find out what sites are hosted at a given IP? My logs have not been much help for this.
>
> Thanks
> Steve
I had the same problem. If the user is a routine abuser and your IDS system is Linux, grab DSNIFF tools and run urlsnarf. It will grab ALL requests with full URL.

--
Mark Owen
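An added example, not part of the message above: once full request URLs are captured, the hostname in each URL identifies the site even when many sites share one hosting-provider IP. This sketch assumes urlsnarf-style output in Common Log Format with an absolute URL in the request field; the sample lines, addresses and hostnames are constructed, and `hosts_by_client` and `flag_clients` are hypothetical helper names.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Assumed line layout (Common Log Format style, absolute URL in the request):
# client - - [timestamp] "METHOD http://host/path HTTP/1.x" - - "referer" "user-agent"
LINE_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<url>\S+)(?: HTTP/[\d.]+)?"'
)

# Constructed sample capture (documentation addresses and example domains).
SAMPLE_LOG = """\
192.0.2.10 - - [04/Nov/2005:21:50:01 -0500] "GET http://www.example.com/index.html HTTP/1.1" - - "-" "Mozilla/4.0"
192.0.2.10 - - [04/Nov/2005:21:50:03 -0500] "GET http://blocked.example.net/gallery/1.jpg HTTP/1.1" - - "http://blocked.example.net/" "Mozilla/4.0"
192.0.2.22 - - [04/Nov/2005:21:51:10 -0500] "GET http://intranet.example.org/ HTTP/1.1" - - "-" "Mozilla/5.0"
192.0.2.10 - - [04/Nov/2005:21:52:44 -0500] "GET http://blocked.example.net/gallery/2.jpg HTTP/1.1" - - "-" "Mozilla/4.0"
this line is truncated garbage
"""

def hosts_by_client(log_text):
    """Return {client_ip: {hostname: request_count}}, skipping unparseable lines."""
    summary = defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # partial or malformed capture line
        host = urlsplit(m.group("url")).hostname
        if host:
            summary[m.group("client")][host.lower()] += 1
    return {c: dict(h) for c, h in summary.items()}

def flag_clients(summary, watched_hosts):
    """Return sorted (client, host, count) tuples for hosts on the watch list."""
    watched = {h.lower() for h in watched_hosts}
    return sorted(
        (client, host, n)
        for client, hosts in summary.items()
        for host, n in hosts.items()
        if host in watched
    )

if __name__ == "__main__":
    summary = hosts_by_client(SAMPLE_LOG)
    for client, host, n in flag_clients(summary, ["blocked.example.net"]):
        print(f"{client} requested {host} {n} time(s)")
```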
