Educause Security Discussion mailing list archives

Re: capturing full URL information via DNS request logs

From: Rich Graves <rgraves () CARLETON EDU>
Date: Wed, 9 Oct 2013 15:40:44 -0500

Keep in mind that most browsers will prefetch DNS results for visible hyperlinks. This will give you false positives if 
you're trying to figure out who clicked on malware/phishing links, for example. You need to join with 
netflow/proxy/firewall/nat logs to be sure.

Current thread:

capturing full URL information via DNS request logs Youngquist, Jason R. (Oct 09)
- Re: capturing full URL information via DNS request logs Harry Hoffman (Oct 09)
- Re: capturing full URL information via DNS request logs Shettler, David (Oct 09)
- Re: capturing full URL information via DNS request logs Roger A Safian (Oct 09)
  - Re: capturing full URL information via DNS request logs Rich Graves (Oct 09)
- Re: capturing full URL information via DNS request logs Ian McDonald (Oct 09)
- Re: capturing full URL information via DNS request logs Will Froning (Oct 09)
- Re: capturing full URL information via DNS request logs Justin Azoff (Oct 09)
- Re: capturing full URL information via DNS request logs Kevin Wilcox (Oct 09)
- Re: capturing full URL information via DNS request logs Dave Koontz (Oct 09)
  - Re: capturing full URL information via DNS request logs John Ladwig (Oct 09)
    - Re: capturing full URL information via DNS request logs Philip Webster (Oct 09)
    - Re: capturing full URL information via DNS request logs Youngquist, Jason R. (Oct 10)
    - Re: capturing full URL information via DNS request logs John Ladwig (Oct 10)
- <Possible follow-ups>
- Re: capturing full URL information via DNS request logs Harry Hoffman (Oct 09)