Re: [fw-wiz] Log checking?
From: Adrian Grigorof (adrian_at_grigorof.com)
Date: 09/29/04
To: "Paul D. Robertson" <paul@compuwar.net>, <firewall-wizards@honor.icsalabs.com>
Date: Tue, 28 Sep 2004 23:56:39 -0400
We use the FireGen "IP Forensics" analysis
(http://www.eventid.net/firegen/ipforensics_report.asp) to see what kind of
traffic various applications generate. You can learn many things (for
example, what a certain IM application does at startup, what the Google
bar is recording in regard to the sites that you visit, etc.). Quite often, we
discover configuration problems (i.e. DNS requests against servers long
gone).
Regards,
Adrian Grigorof
----- Original Message -----
From: "Paul D. Robertson" <paul@compuwar.net>
To: <firewall-wizards@honor.icsalabs.com>
Sent: Tuesday, September 28, 2004 4:05 PM
Subject: [fw-wiz] Log checking?
[...]
> I'm just wondering if the subset of folks who actually look at their
> firewalls mostly looks at denied traffic only, or if it's a common
> practice to look at the permitted stuff too? If so, what sorts of things
> are you using, and are you finding anything interesting?
[...]
_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
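The kind of permitted-traffic check described in the message above (DNS requests against servers long gone), as an added example that is not part of the original post and is not FireGen's code. The key=value log format, the field names, the resolver list and all addresses are constructed assumptions.

```python
import re
from collections import Counter

# Constructed sample log lines in a generic key=value format (not FireGen's
# or any vendor's real format); addresses are from documentation ranges.
SAMPLE_LOG = """\
2004-09-28T10:00:01 action=permit proto=udp src=192.0.2.10 dst=198.51.100.53 dport=53 rcvd=120
2004-09-28T10:00:02 action=permit proto=udp src=192.0.2.11 dst=203.0.113.7 dport=53 rcvd=0
2004-09-28T10:00:03 action=permit proto=udp src=192.0.2.11 dst=203.0.113.7 dport=53 rcvd=0
2004-09-28T10:00:04 action=deny proto=tcp src=192.0.2.12 dst=203.0.113.9 dport=445 rcvd=0
2004-09-28T10:00:05 action=permit proto=tcp src=192.0.2.10 dst=198.51.100.80 dport=80 rcvd=5120
2004-09-28T10:00:06 action=permit proto=udp src=192.0.2.13 dst=203.0.113.7 dport=53 rcvd=0
this line is malformed and must be skipped
"""

# Assumption: the resolvers that are supposed to be in service today.
CURRENT_RESOLVERS = {"198.51.100.53"}

FIELD = re.compile(r"(\w+)=(\S+)")

def parse(line):
    """Return a dict of key=value fields, or None if required ones are missing."""
    rec = dict(FIELD.findall(line))
    required = {"action", "src", "dst", "dport", "rcvd"}
    if not required <= rec.keys():
        return None
    if not rec["dport"].isdigit() or not rec["rcvd"].isdigit():
        return None
    return rec

def stale_dns_clients(log_text, resolvers):
    """Map (client, dns_server) -> count of permitted, unanswered DNS requests
    sent to a server that is not a current resolver."""
    hits = Counter()
    for line in log_text.splitlines():
        rec = parse(line)
        if rec is None or rec["action"] != "permit" or rec["dport"] != "53":
            continue
        if rec["dst"] not in resolvers and int(rec["rcvd"]) == 0:
            hits[(rec["src"], rec["dst"])] += 1
    return dict(hits)

if __name__ == "__main__":
    found = stale_dns_clients(SAMPLE_LOG, CURRENT_RESOLVERS)
    for (src, dst), n in sorted(found.items()):
        print(f"{src} sent {n} unanswered DNS request(s) to {dst}")
```

Deny-only review would never surface these clients, because the firewall passes the requests; only the missing replies show that the configured server is gone.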