Firewall Wizards mailing list archives
Re: Log checking?
From: "Adrian Grigorof" <adrian () grigorof com>
Date: Tue, 28 Sep 2004 23:56:39 -0400
We use the FireGen "IP Forensics" analysis (http://www.eventid.net/firegen/ipforensics_report.asp) to see what kind of traffic various applications generate. You can learn many things (for example, what a certain IM application does at startup, what the Google bar is recording in regards to the sites that you visit, etc.). Quite often, we discover configuration problems (i.e. DNS requests against servers long gone).

Regards,
Adrian Grigorof

----- Original Message -----
From: "Paul D. Robertson" <paul () compuwar net>
To: <firewall-wizards () honor icsalabs com>
Sent: Tuesday, September 28, 2004 4:05 PM
Subject: [fw-wiz] Log checking?

[...]
I'm just wondering if the subset of folks who actually look at their firewalls mostly looks at denied traffic only, or if it's a common practice to look at the permitted stuff too? If so, what sorts of things are you using, and are you finding anything interesting?
[...]
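An added example, not part of the original post and not FireGen code: a per-source summary of permitted traffic that flags DNS queries still being sent to servers outside the current resolver set, the kind of configuration problem the reply mentions. The key=value log format, the addresses and the resolver list are constructed assumptions.

```python
import re
from collections import Counter, defaultdict

# Constructed sample lines in a hypothetical key=value firewall log format.
SAMPLE_LOG = """\
2004-09-28T10:00:01 action=permit proto=udp src=10.0.0.15 dst=192.0.2.53 dport=53
2004-09-28T10:00:02 action=permit proto=udp src=10.0.0.15 dst=198.51.100.9 dport=53
2004-09-28T10:00:07 action=permit proto=udp src=10.0.0.15 dst=198.51.100.9 dport=53
2004-09-28T10:00:09 action=permit proto=tcp src=10.0.0.15 dst=203.0.113.80 dport=443
2004-09-28T10:01:11 action=permit proto=udp src=10.0.0.22 dst=198.51.100.9 dport=53
2004-09-28T10:01:12 action=deny proto=udp src=10.0.0.30 dst=198.51.100.9 dport=53
2004-09-28T10:01:13 truncated line without fields
"""

# Assumption: the DNS servers that are supposed to be in use today.
CURRENT_RESOLVERS = {"192.0.2.53", "192.0.2.54"}

FIELD = re.compile(r"(\w+)=(\S+)")
REQUIRED = {"action", "proto", "src", "dst", "dport"}

def parse(line):
    """Return the record as a dict, or None for malformed lines."""
    rec = dict(FIELD.findall(line))
    if REQUIRED <= rec.keys() and rec["dport"].isdigit():
        return rec
    return None

def permitted_by_source(log_text):
    """Per source host: count of each permitted (proto, dst, dport) flow."""
    flows = defaultdict(Counter)
    for line in log_text.splitlines():
        rec = parse(line)
        if rec and rec["action"] == "permit":
            flows[rec["src"]][(rec["proto"], rec["dst"], int(rec["dport"]))] += 1
    return flows

def stale_dns(flows, resolvers):
    """Hosts whose permitted DNS traffic goes to servers not in `resolvers`."""
    hits = defaultdict(Counter)
    for src, dests in flows.items():
        for (_proto, dst, dport), count in dests.items():
            if dport == 53 and dst not in resolvers:
                hits[src][dst] += count
    return {src: dict(c) for src, c in hits.items()}

if __name__ == "__main__":
    flows = permitted_by_source(SAMPLE_LOG)
    for src, servers in sorted(stale_dns(flows, CURRENT_RESOLVERS).items()):
        print(src, "still queries", servers)
```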