Educause Security Discussion mailing list archives
Re: capturing full URL information via DNS request logs
From: Rich Graves <rgraves () CARLETON EDU>
Date: Wed, 9 Oct 2013 15:40:44 -0500
Keep in mind that most browsers will prefetch DNS results for visible hyperlinks. This will give you false positives if you're trying to figure out who clicked on malware/phishing links, for example. You need to join with netflow/proxy/firewall/nat logs to be sure.
Current thread:
- capturing full URL information via DNS request logs Youngquist, Jason R. (Oct 09)
- Re: capturing full URL information via DNS request logs Harry Hoffman (Oct 09)
- Re: capturing full URL information via DNS request logs Shettler, David (Oct 09)
- Re: capturing full URL information via DNS request logs Roger A Safian (Oct 09)
- Re: capturing full URL information via DNS request logs Rich Graves (Oct 09)
- Re: capturing full URL information via DNS request logs Ian McDonald (Oct 09)
- Re: capturing full URL information via DNS request logs Will Froning (Oct 09)
- Re: capturing full URL information via DNS request logs Justin Azoff (Oct 09)
- Re: capturing full URL information via DNS request logs Kevin Wilcox (Oct 09)
- Re: capturing full URL information via DNS request logs Dave Koontz (Oct 09)
- Re: capturing full URL information via DNS request logs John Ladwig (Oct 09)
- Re: capturing full URL information via DNS request logs Philip Webster (Oct 09)
- Re: capturing full URL information via DNS request logs Youngquist, Jason R. (Oct 10)
- Re: capturing full URL information via DNS request logs John Ladwig (Oct 10)
- Re: capturing full URL information via DNS request logs John Ladwig (Oct 09)
- <Possible follow-ups>
- Re: capturing full URL information via DNS request logs Harry Hoffman (Oct 09)