Re: [fw-wiz] Log checking?
From: Adam Shostack (adam_at_homeport.org)
Date: 09/29/04
- Previous message: Desai, Ashish: "RE: [fw-wiz] Log checking?"
- In reply to: Desai, Ashish: "RE: [fw-wiz] Log checking?"
- Next in thread: Luke Butcher: "RE: [fw-wiz] Log checking?"
To: "Desai, Ashish" <Ashish.Desai@fmr.com>
Date: Tue, 28 Sep 2004 18:54:05 -0400
Hey, I was never an intern! But I sure did ssh tunnel out. :)
Adam
On Tue, Sep 28, 2004 at 06:27:24PM -0400, Desai, Ashish wrote:
| I would recommend you also look at your web proxy logs.
| Especially for 'CONNECT' method (which is an SSL connection).
| There are too many people who have figured out how to
| ab(use) it. We are now also starting to see VPN software
| that is going to start using that method and at that point
| it's pretty much game over.
|
| We have found very interesting things when CS interns start
| working at our company and they start using this channel to
| get to the outside. Besides, it's a lot of fun looking at
| what people are querying at google ;-)
|
| Ashish
|
| > -----Original Message-----
| > From: Paul D. Robertson [mailto:paul@compuwar.net]
| > Sent: Tuesday, September 28, 2004 4:05 PM
| > To: firewall-wizards@honor.icsalabs.com
| > Subject: [fw-wiz] Log checking?
| >
| > Back when I had real production firewalls, I'd log all the permitted
| > traffic for a while, then do some analysis of the data to get a
| > feel for things like tunnels, misbehaving users, etc.
| >
| > I've always felt that worrying about denied traffic was mostly for sport-
| > if the firewall's policy blocked it, I wasn't all that worried about much
| > more than overall trends- what got *through* the firewall seemed to be the
| > more interesting set of things.
| >
| > I'm just wondering if the subset of folks who actually look at their
| > firewalls mostly looks at denied traffic only, or if it's a common
| > practice to look at the permitted stuff too? If so, what sorts of things
| > are you using, and are you finding anything interesting?
| >
| > Paul
| > -----------------------------------------------------------------------------
| > Paul D. Robertson "My statements in this message are personal opinions
| > paul@compuwar.net which may have no basis whatsoever in fact."
| > probertson@trusecure.com Director of Risk Assessment
| > TruSecure Corporation
| > _______________________________________________
| > firewall-wizards mailing list
| > firewall-wizards@honor.icsalabs.com
| > http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
| >
_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
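
The proxy-log review recommended in the thread above, as an added example that is not part of the original messages: it scans permitted CONNECT requests and flags non-HTTPS ports, long-lived tunnels and large transfers per client. The Squid native access.log layout, the thresholds, the function name and the sample lines are all assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample lines in Squid's native access.log layout (an assumption;
# the thread does not name a proxy): time elapsed_ms client result/status
# bytes method target ident hierarchy/peer content-type
SAMPLE_LOG = """\
1096411200.101 420 10.1.4.17 TCP_MISS/200 3120 CONNECT shop.example.com:443 - DIRECT/192.0.2.10 -
1096411260.550 7315042 10.1.4.23 TCP_MISS/200 48210033 CONNECT host.example.net:443 - DIRECT/198.51.100.7 -
1096411300.009 95 10.1.4.17 TCP_MISS/200 18455 GET http://www.example.org/ - DIRECT/203.0.113.5 text/html
1096411420.774 1804210 10.1.4.23 TCP_MISS/200 912004 CONNECT host.example.net:22 - DIRECT/198.51.100.7 -
1096411500.312 12 10.1.4.31 TCP_DENIED/403 1450 CONNECT 203.0.113.99:8080 - NONE/- text/html
this line is malformed and should be skipped
"""

# Illustrative thresholds (assumptions); tune them to the site's own baseline.
ALLOWED_PORTS = {443}          # ports where CONNECT is expected (HTTPS)
MAX_ELAPSED_MS = 30 * 60_000   # tunnels open longer than 30 minutes
MAX_BYTES = 20 * 1024 * 1024   # tunnels moving more than 20 MiB

def review_connects(log_text):
    """Return {client: [(target, reasons), ...]} for permitted CONNECTs worth a look."""
    findings = defaultdict(list)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 7 or fields[5] != "CONNECT":
            continue
        try:
            elapsed_ms, size = int(fields[1]), int(fields[4])
            status = int(fields[3].split("/")[1])
            port = int(fields[6].rsplit(":", 1)[1])
        except (ValueError, IndexError):
            continue  # malformed record
        if not 200 <= status < 300:
            continue  # proxy refused it; the interest here is what got through
        reasons = []
        if port not in ALLOWED_PORTS:
            reasons.append(f"port {port}")
        if elapsed_ms > MAX_ELAPSED_MS:
            reasons.append(f"open {elapsed_ms // 60_000} min")
        if size > MAX_BYTES:
            reasons.append(f"{size // (1024 * 1024)} MiB")
        if reasons:
            findings[fields[2]].append((fields[6], reasons))
    return dict(findings)

if __name__ == "__main__":
    for client, hits in review_connects(SAMPLE_LOG).items():
        for target, reasons in hits:
            print(f"{client} -> {target}: {', '.join(reasons)}")
```
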