Full Disclosure mailing list archives
Re: Recommendations for a Passive Web Content Monitoring solution?
From: "Scott M. Algatt" <salgatt () turtleshell net>
Date: Thu, 10 Apr 2003 15:47:32 -0400 (EDT)
I know that Snort can sniff ICQ sessions. I believe that the AIM rules do it. I have seen several communications between our users doing ICQ until we blocked access to the ICQ server they were using. Regards, Scott M. Algatt Behold the turtle. He makes progress only when he sticks his neck out. On Thu, 10 Apr 2003, Andre Luis Quintaes Guimaraes wrote:
One way to do it is to use squid running in transparent proxy mode (http accelerator in its configuration) and using the firewall to forward the packets to the transparent proxy. Although I would recommend setting up a normal proxy and configuring on your client machines. Then you could use one of the many squid log analyzers (even webtrends supports it) and get your reports. You would also gain navigation and save bandwidth by using a proxy. You can also configure it to not cache anything, just log. Btw, Im looking for a icq sniffer, I found one but its server (the packet analyzer and rtf decoder) was a windows delphi binary... Does anybody knows about one that runs on freebsd? ----- Original Message ----- From: "Nick Jacobsen" <nick () ethicsdesign com> To: <full-disclosure () lists netsys com> Sent: Thursday, April 10, 2003 3:28 PM Subject: Re: [Full-disclosure] Recommendations for a Passive Web Content Monitoring solution?Maybe I was not specific enough. When I said "Web Content Monitoring" Iwasrefering to monitoring the web site usage by employees during business hours. I am not specifically looking for something that would trace itbackto the employee, just something to give my client a good overview of most the surfing. I have seen the commercial solutions, such as silentrunner, and websweeper, but those are targeted more toward stoping the viewing of web sites, not just monitoring, plus, of course, they cost :) Also, as I said in my origian post, I realize I could implement this myself, butagain,I would rather not re-invent the wheel. Sorry if my original post was unclear Nick ----- Original Message ----- From: "Ed Carp" <erc () pobox com> To: "KF" <dotslash () snosoft com>; "Nick Jacobsen" <nick () ethicsdesign com> Cc: <full-disclosure () lists netsys com> Sent: Thursday, April 10, 2003 9:47 AM Subject: RE: [Full-disclosure] Recommendations for a Passive Web Content Monitoring solution?Overkill. Why not use squid, which is included with every Linux system?-----Original Message----- From: full-disclosure-admin () lists netsys com [mailto:full-disclosure-admin () lists netsys com]On Behalf Of KF Sent: Thursday, April 10, 2003 5:12 AM To: Nick Jacobsen Cc: full-disclosure () lists netsys com Subject: Re: [Full-disclosure] Recommendations for a Passive WebContentMonitoring solution? Snort? http://www.snort.org/cgi-bin/sigs-search.cgi?sid=porn -KF Nick Jacobsen wrote:Not sure that this is an exactly suitable topic, but anythingseems to go,so... I am trying to find an open source (read free) PASSIVE web content monitoring solution. We are looking for something that can be put onanetwork, and using promiscuous mode, capture and analyze webtraffic, etc...We would obviously place this in such a way that all networktraffic wouldpass by it. Any suggestions would be welcome, though again, I amlookingfor something specifically designed to do this, as I know I couldmodifyexisting tools myself... Nick _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Recommendations for a Passive Web Content Monitoring solution? Nick Jacobsen (Apr 10)
- Re: Recommendations for a Passive Web Content Monitoring solution? David Bernick (Apr 10)
- Re: Recommendations for a Passive Web Content Monitoring solution? KF (Apr 10)
- RE: Recommendations for a Passive Web Content Monitoring solution? Ed Carp (Apr 10)
- Re: Recommendations for a Passive Web Content Monitoring solution? Nick Jacobsen (Apr 10)
- Re: Recommendations for a Passive Web Content Monitoring solution? Andre Luis Quintaes Guimaraes (Apr 10)
- Re: Recommendations for a Passive Web Content Monitoring solution? Kurt Seifried (Apr 10)
- Re: Recommendations for a Passive Web Content Monitoring solution? Scott M. Algatt (Apr 10)
- Re: Recommendations for a Passive Web Content Monitoring solution? Jason Healy (Apr 10)
- RE: Recommendations for a Passive Web Content Monitoring solution? Ed Carp (Apr 10)
- RE: Recommendations for a Passive Web Content Monitoring solution? Ed Carp (Apr 10)
- <Possible follow-ups>
- RE: Recommendations for a Passive Web Content Monitoring solution? Rainer Gerhards (Apr 10)
- RE: Recommendations for a Passive Web Content Monitoring solution? Rapaille Max (Apr 10)
- RE: Recommendations for a Passive Web Content Monitoring solution? Stephan Steenkamp (Apr 11)