Security Basics mailing list archives
RE: Investigation- Web pages visited
From: "David Gillett" <gillettdavid () fhda edu>
Date: Wed, 2 Nov 2005 14:19:15 -0800
It's really easy for multiple sites to be hosted on a single server, so the IP address is inadequate for this. If I see suspicious activity like this, I look inside the HTTP "GET" header to find the site name. You *might* be able to make a pretty good guess by logging DNS resolutions, too.... David Gillett
-----Original Message----- From: Steve Barron [mailto:thurgoodj187 () hotmail com] Sent: Wednesday, November 02, 2005 11:09 AM To: security-basics () securityfocus com Subject: Investigation- Web pages visited Hi I am trying to investigate some possible corporate policy violations, mostly involving porn. My IDS matches rules for certain criteria and looks for banned words in html. When I get the ip, i can query it, but most of the time I get info about a hosting provider. When I attempt to access the ip http://155.X.X.X i get either some generic page or a 404 error. Is there any way to find out what sites are hosted at a given IP? My logs have not been much help for this. Thanks Steve
Current thread:
- Investigation- Web pages visited Steve Barron (Nov 02)
- Re: Investigation- Web pages visited Bryan S. Sampsel (Nov 03)
- Re: Investigation- Web pages visited Saqib Ali (Nov 03)
- Re: Investigation- Web pages visited Brian Loe (Nov 03)
- RE: Investigation- Web pages visited David Gillett (Nov 03)
- Re: Investigation- Web pages visited Austin Murkland (Nov 04)
- Re: Investigation- Web pages visited Mark Owen (Nov 07)