Educause Security Discussion mailing list archives
Re: capturing full URL information via DNS request logs
From: "Shettler, David" <dshettle () HOLYCROSS EDU>
Date: Wed, 9 Oct 2013 16:10:23 -0400
DNS will tell you virtual host, but for URL you'd need web filter logs, force everyone through a proxy, or some aggressive sniffing.

On Wed, Oct 9, 2013 at 4:03 PM, Youngquist, Jason R. <jryoungquist () ccis edu> wrote:

> Hi All,
>
> Currently we have a network monitoring device using netflow. One problem we are having with this device is it doesn't give us URL information. There are a few other methods that were recommended to us in order to get this information.
>
> Instead of getting an IP address that points to Akamai (i.e., this is what is captured via netflow), one person suggested that it was relatively easy to capture the original content that the user was downloading. I.e., in the original DNS request the URL information would be included in the packet info.
>
> Are people using DNS logs to capture this type of URL traffic? If so, does it provide the full URL, or just the DNS host name? DNS host name would be useful, but full URL would be even better.
>
> Appreciate any insights you may have.
>
> Thanks.
>
> Jason Youngquist, CISSP, CISA
> Information Security Engineer
> Columbia College - Technology Services
> 1001 Rogers Street, Columbia, MO 65216
> (573) 875-7334
> jryoungquist () ccis edu
> http://www.ccis.edu

--
David Shettler
Information Security Officer
College of the Holy Cross
508-793-3073
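
Added example (not part of the original message or thread): a short Python sketch of the distinction made in the reply above. It parses the question section of a DNS query and the head of a cleartext HTTP/1.1 request to show what each log source can recover. The hostname, path and packets are constructed sample data, and the DNS parser assumes an uncompressed name in a single-question query.

```python
import struct

def build_dns_query(hostname, qtype=1, txid=0x1234):
    """Encode a minimal DNS query (RFC 1035 wire format) for hostname."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD set, 1 question
    qname = b"".join(bytes([len(label)]) + label.encode("ascii")
                     for label in hostname.split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # QTYPE, QCLASS=IN

def dns_question(packet):
    """Return (qname, qtype): everything a DNS query log learns about the site."""
    pos, labels = 12, []  # the question section follows the 12-byte header
    while packet[pos] != 0:
        length = packet[pos]
        labels.append(packet[pos + 1:pos + 1 + length].decode("ascii"))
        pos += 1 + length
    qtype, _qclass = struct.unpack("!HH", packet[pos + 1:pos + 5])
    return ".".join(labels), qtype

def http_url(request):
    """Rebuild the URL a proxy or sniffer sees in a cleartext HTTP/1.1 request."""
    head = request.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    lines = head.split("\r\n")
    _method, target, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return "http://" + headers.get("host", "") + target

# Constructed sample traffic for one download (hypothetical host and path).
SAMPLE_HOST = "downloads.example.edu"
SAMPLE_DNS = build_dns_query(SAMPLE_HOST)
SAMPLE_HTTP = (b"GET /pub/tools/setup.exe?mirror=3 HTTP/1.1\r\n"
               b"Host: downloads.example.edu\r\n"
               b"User-Agent: sample\r\n\r\n")

if __name__ == "__main__":
    print("DNS log sees :", dns_question(SAMPLE_DNS))
    print("HTTP log sees:", http_url(SAMPLE_HTTP))
```

The DNS packet contains only the queried name and record type; the path and query string exist only in the HTTP request, which is why URL visibility requires a proxy, web filter or packet capture.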