Educause Security Discussion mailing list archives
Re: capturing full URL information via DNS request logs
From: Harry Hoffman <hhoffman () IP-SOLUTIONS NET>
Date: Wed, 9 Oct 2013 17:01:29 -0400
Rich, This is a great point! Cheers, Harry Rich Graves <rgraves () carleton edu> wrote:
Keep in mind that most browsers will prefetch DNS results for visible hyperlinks. This will give you false positives if you're trying to figure out who clicked on malware/phishing links, for example. You need to join with netflow/proxy/firewall/nat logs to be sure.
Current thread:
- Re: capturing full URL information via DNS request logs, (continued)
- Re: capturing full URL information via DNS request logs Rich Graves (Oct 09)
- Re: capturing full URL information via DNS request logs Ian McDonald (Oct 09)
- Re: capturing full URL information via DNS request logs Will Froning (Oct 09)
- Re: capturing full URL information via DNS request logs Justin Azoff (Oct 09)
- Re: capturing full URL information via DNS request logs Kevin Wilcox (Oct 09)
- Re: capturing full URL information via DNS request logs Dave Koontz (Oct 09)
- Re: capturing full URL information via DNS request logs John Ladwig (Oct 09)
- Re: capturing full URL information via DNS request logs Philip Webster (Oct 09)
- Re: capturing full URL information via DNS request logs Youngquist, Jason R. (Oct 10)
- Re: capturing full URL information via DNS request logs John Ladwig (Oct 10)
- Re: capturing full URL information via DNS request logs John Ladwig (Oct 09)
- Re: capturing full URL information via DNS request logs Harry Hoffman (Oct 09)