Re: Investigation- Web pages visited

From: Austin Murkland (amurkland_at_merydion.com)
Date: 11/04/05

  • Next message: Steven Jones: "RE: Why NOT to disable Real Time Antivirus on Servers"
    Date: Thu, 03 Nov 2005 17:57:31 -0800
    To: gillettdavid@fhda.edu
    
    

    I can't take credit for this website, or how well it does or doesn't
    function, but when this question came up before, this website was posted
    in response... hopefully this will prove more useful to you than it did
    for me.

    http://www.searchmee.com/web-info/ip-hunt.php

    Austin Murkland

    David Gillett wrote:
    > It's really easy for multiple sites to be hosted on a single
    > server, so the IP address is inadequate for this. If I see
    > suspicious activity like this, I look inside the HTTP "GET"
    > header to find the site name.
    > You *might* be able to make a pretty good guess by logging
    > DNS resolutions, too....
    >
    > David Gillett
    >
    >
    >
    >> -----Original Message-----
    >> From: Steve Barron [mailto:thurgoodj187@hotmail.com]
    >> Sent: Wednesday, November 02, 2005 11:09 AM
    >> To: security-basics@securityfocus.com
    >> Subject: Investigation- Web pages visited
    >>
    >> Hi
    >>
    >> I am trying to investigate some possible corporate policy
    >> violations, mostly involving porn. My IDS matches rules for
    >> certain criteria and looks for banned words in HTML. When I
    >> get the IP, I can query it, but most of the time I get info
    >> about a hosting provider. When I attempt to access the IP
    >> http://155.X.X.X I get either some generic page or a 404
    >> error. Is there any way to find out what sites are hosted at
    >> a given IP? My logs have not been much help for this.
    >>
    >> Thanks
    >>
    >> Steve
    >>
    >>
    >>
    >
    >
    >
    >
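
The approach David Gillett describes above (reading the site name out of the HTTP request rather than relying on the IP), as an added example that is not part of the original thread. The captured requests, IP addresses and function names are constructed for illustration; it assumes the IDS or packet capture can hand over the raw request bytes per destination IP.

```python
from collections import defaultdict

# Constructed sample: (destination IP, raw request payload) pairs.
# IPs and host names come from documentation/example ranges.
CAPTURED = [
    ("192.0.2.10", b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\nUser-Agent: x\r\n\r\n"),
    ("192.0.2.10", b"GET /gallery/1.jpg HTTP/1.1\r\nhost: Pics.Example.net:80\r\n\r\n"),
    ("192.0.2.10", b"GET http://proxy.example.org/a HTTP/1.0\r\n\r\n"),
    ("198.51.100.7", b"GET / HTTP/1.0\r\n\r\n"),      # HTTP/1.0, no Host header
    ("198.51.100.7", b"\x16\x03\x01\x00\x05hello"),   # not HTTP at all
]
METHODS = {"GET", "HEAD", "POST", "PUT", "DELETE", "OPTIONS"}

def site_from_request(raw):
    """Return (host, path) for an HTTP request, or None if it is not one."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    lines = head.split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3 or parts[0] not in METHODS or not parts[2].startswith("HTTP/"):
        return None
    target, host = parts[1], None
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "host":   # header names are case-insensitive
            host = value.strip()
            break
    # Proxy-style absolute target carries the site name in the request line.
    if target.lower().startswith("http://"):
        authority, _, rest = target[7:].partition("/")
        host = host or authority
        target = "/" + rest
    if host:
        host = host.lower()
        if host.endswith(":80"):                     # default port adds nothing
            host = host[:-3]
    return host, target

def sites_by_ip(captured):
    """Group the site names seen in requests by the server IP they went to."""
    seen = defaultdict(set)
    for ip, raw in captured:
        parsed = site_from_request(raw)
        if parsed is not None:
            seen[ip].add(parsed[0] or "(no Host header)")
    return {ip: sorted(names) for ip, names in seen.items()}

if __name__ == "__main__":
    for ip, names in sites_by_ip(CAPTURED).items():
        print(ip, "->", ", ".join(names))
```
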

