RE: [fw-wiz] Log checking?

From: Ben Nagy (ben_at_iagu.net)
Date: 09/29/04

  • Next message: Rodel Collado Urani: "RE: [fw-wiz] Log checking?"
    To: <firewall-wizards@honor.icsalabs.com>
    Date: Wed, 29 Sep 2004 11:58:13 +0200
    
    

    I think there is some mileage to be had in logging the volume of denied
    outbound traffic over time. Spikes in things like IRC, HTTP to funny ports,
    TFTP etc can be great indicators of infection with various kinds of malware.
    And of course all that stuff would already be blocked outbound, right? ;)

    I was just talking to a customer about ten minutes ago who identified a new
    agobot variant that way.

    I would agree that logging denied inbound is good for nothing but wasting
    disk space and the occasional chuckle, unless you are interested in helping
    people like ISC graph global attack trends.

    I think that there are even some commercial systems that do this for a
    living, but I don't know very much about them.

    Cheers,

    ben

    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
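
An added example, not part of the original message: one way to track the volume of denied outbound traffic over time and flag spikes per destination service. The log format (iptables-style LOG lines with a hypothetical "DENY-OUT" prefix), the thresholds and all sample addresses are assumptions, and the sample log is constructed.

```python
import re
from collections import Counter, defaultdict
from statistics import median

# Assumed format: iptables-style LOG lines; the "DENY-OUT" prefix is hypothetical.
LINE_RE = re.compile(r"^(?P<hour>\w{3}\s+\d+\s+\d{2}):\d{2}:\d{2}\s.*DENY-OUT.*?"
                     r"SRC=(?P<src>\S+).*?PROTO=(?P<proto>\S+).*?DPT=(?P<dpt>\d+)")

def bucket(lines):
    """Count denied outbound packets per (proto, dport) per hour, and per source."""
    counts = defaultdict(Counter)    # service -> hour -> count
    sources = defaultdict(Counter)   # (service, hour) -> source IP -> count
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue                 # not a denied-outbound line; skip it
        svc = (m["proto"], int(m["dpt"]))
        counts[svc][m["hour"]] += 1
        sources[svc, m["hour"]][m["src"]] += 1
    return counts, sources

def spikes(lines, factor=5, floor=10):
    """Flag hours where a service exceeds factor x the median of its other hours."""
    counts, sources = bucket(lines)
    hours = sorted({h for per_hour in counts.values() for h in per_hour})
    found = []
    for svc, per_hour in counts.items():
        for h in hours:
            n = per_hour[h]
            others = [per_hour[o] for o in hours if o != h]
            base = median(others) if others else 0
            if n >= floor and n > factor * max(base, 1):
                top_src = sources[svc, h].most_common(1)[0][0]
                found.append((h, svc, n, top_src))
    return found

def sample_log():
    """Constructed sample: steady TFTP denies, then one host bursts tcp/6667 at 11:00."""
    fmt = ("Sep 29 {h:02d}:{m:02d}:00 fw kernel: DENY-OUT IN=eth1 OUT=eth0 "
           "SRC={s} DST=203.0.113.7 PROTO={p} SPT=40000 DPT={d}")
    lines = []
    for h in (8, 9, 10, 11):
        lines += [fmt.format(h=h, m=m, s="10.0.0.21", p="UDP", d=69) for m in range(3)]
        lines += [fmt.format(h=h, m=0, s="10.0.0.30", p="TCP", d=6667)]
    lines += [fmt.format(h=11, m=m, s="10.0.0.44", p="TCP", d=6667) for m in range(1, 41)]
    return lines

if __name__ == "__main__":
    for hit in spikes(sample_log()):
        print(hit)
```

Each hit names the hour, the service, the deny count and the internal source responsible for most of it, which is the host to look at first.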

