Educause Security Discussion mailing list archives

Re: capturing full URL information via DNS request logs


From: Ian McDonald <iam () ST-ANDREWS AC UK>
Date: Wed, 9 Oct 2013 20:15:46 +0000

You do not get the full URL in a DNS request. The DNS resolver logs would give you the requested name -> IP 
translation, where the client hadn't cached the result of same.

I'm not sure what 'problem' you're trying to solve.
--
ian
-----Original Message-----
From: Youngquist, Jason R.
Sent:  09-10-2013, 21:03
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] capturing full URL information via DNS request logs

Hi All,

Currently we have a network monitoring device using netflow.  One problem we are having with this device is it doesn't 
give us URL information.  There are a few other methods that were recommended to us in order to get this information.  
Instead of getting an IP address that points to Akamai (i.e. this is what is captured via netflow), one person suggested 
that it was relatively easy to capture the original content that the user was downloading.  I.e. in the original DNS 
request the URL information would be included in the packet info.  Are people using DNS logs to capture this type of 
URL traffic?  If so, does it provide the full URL, or just the DNS host name?  DNS host name would be useful, but full 
URL would be even better.

Appreciate any insights you may have.

Thanks.
Jason Youngquist, CISSP, CISA
Information Security Engineer
Columbia College - Technology Services
1001 Rogers Street, Columbia, MO  65216
(573) 875-7334
jryoungquist () ccis edu
http://www.ccis.edu
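
The name -> IP correlation described in the reply, sketched as an added example that is not part of the original thread: each flow record is labelled with the most recent name the same client resolved to that destination IP. The log layouts, sample records, function names and the one-hour lookback are all constructed assumptions; the result is a host name only, never a URL path.

```python
from bisect import bisect_right
from collections import defaultdict

# Constructed sample data (not from the original thread).
# Resolver log: (epoch seconds, client IP, queried name, answer IPs)
DNS_LOG = [
    (1000, "10.0.0.5", "downloads.example.edu", ["198.51.100.7"]),
    (1010, "10.0.0.5", "video.example.org", ["198.51.100.7", "198.51.100.8"]),
    (1020, "10.0.0.9", "www.example.com", ["203.0.113.20"]),
]
# Flow records: (epoch seconds, source IP, destination IP, destination port)
FLOWS = [
    (1001, "10.0.0.5", "198.51.100.7", 443),
    (1012, "10.0.0.5", "198.51.100.7", 443),
    (1015, "10.0.0.9", "198.51.100.7", 443),
    (9000, "10.0.0.9", "203.0.113.20", 80),
]

def build_index(dns_log):
    """Map (client, answer IP) -> time-sorted list of (timestamp, name)."""
    index = defaultdict(list)
    for ts, client, name, answers in sorted(dns_log):
        for ip in answers:
            index[(client, ip)].append((ts, name))
    return index

def label_flows(flows, dns_log, lookback=3600):
    """Attach the most recent name the same client resolved to the flow's destination.

    Returns (flow, name_or_None). None means no matching lookup inside the
    lookback window, e.g. the client used a cached answer or another resolver.
    """
    index = build_index(dns_log)
    out = []
    for flow in flows:
        ts, src, dst, _port = flow
        seen = index.get((src, dst), [])
        pos = bisect_right(seen, (ts, chr(0x10FFFF)))  # last lookup at or before ts
        name = None
        if pos and ts - seen[pos - 1][0] <= lookback:
            name = seen[pos - 1][1]
        out.append((flow, name))
    return out

if __name__ == "__main__":
    for flow, name in label_flows(FLOWS, DNS_LOG):
        print(flow, "->", name or "unresolved")
```

Two flows to the same shared address get different names depending on which lookup preceded them, and the last two stay unresolved because no lookup by that client for that address falls inside the window.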

