Educause Security Discussion mailing list archives

Re: capturing full URL information via DNS request logs


From: "Shettler, David" <dshettle () HOLYCROSS EDU>
Date: Wed, 9 Oct 2013 16:10:23 -0400

DNS will tell you virtual host, but for URL you'd need web filter logs,
force everyone through a proxy, or some aggressive sniffing.


On Wed, Oct 9, 2013 at 4:03 PM, Youngquist, Jason R.
<jryoungquist () ccis edu> wrote:

Hi All,

Currently we have a network monitoring device using netflow.  One problem
we are having with this device is it doesn't give us URL information.
There are a few other methods that were recommended to us in order to get
this information.  Instead of getting an IP address that points to Akamai
(i.e. this is what is captured via netflow), one person suggested that it
was relatively easy to capture the original content that the user was
downloading.  I.e. in the original DNS request the URL information would be
included in the packet info.  Are people using DNS logs to capture this
type of URL traffic?  If so, does it provide the full URL, or just the DNS
host name?  DNS host name would be useful, but full URL would be even
better.

Appreciate any insights you may have.

Thanks.
Jason Youngquist, CISSP, CISA
Information Security Engineer
Columbia College - Technology Services
1001 Rogers Street, Columbia, MO  65216
(573) 875-7334
jryoungquist () ccis edu
http://www.ccis.edu




-- 
David Shettler
Information Security Officer
College of the Holy Cross
508-793-3073
