LogAnalysis
[logs] SIM Analysis of Firewall Logs Sep 27 2007 05:45PM
saudi sans (saudisans gmail com) (5 replies)
Re: [logs] SIM Analysis of Firewall Logs Sep 28 2007 06:22AM
Ajay Kumar (ajaykumar adventnet com)
Re: [logs] SIM Analysis of Firewall Logs Sep 27 2007 07:04PM
Adrian Grigorof (adi grigorof com)
Re: [logs] SIM Analysis of Firewall Logs Sep 27 2007 06:45PM
Ron Gula (rgula tenablesecurity com) (1 replies)
Re: [logs] SIM Analysis of Firewall Logs Sep 27 2007 07:53PM
Michael Kinsley (michael kinsley sensage com) (1 replies)
Re: [logs] SIM Analysis of Firewall Logs Sep 27 2007 08:44PM
Michael Kinsley (michael kinsley sensage com)
Re: [logs] SIM Analysis of Firewall Logs Sep 27 2007 06:25PM
Anton Chuvakin (anton chuvakin org) (1 replies)
> -- From ACCEPT/PERMIT traffic
> -- I really have no clue on what we can report on this.Top 10 traffic
> generators or something

Oooh, this is THE most fun part - examples:

- internal servers acting as clients (owned boxes)
- depending upon the rule set, denied outbound conns are interesting
- top outbound allowed/denied ports (trojans? other fun stuff)
- many others .. need to dig into my archives

As you can guess :-) I have a paper in the works on just the outbound
firewall log analysis.

Best,
--
Anton Chuvakin, Ph.D., GCIA, GCIH, GCFA
http://www.chuvakin.org
http://chuvakin.blogspot.com
http://www.info-secure.org
_______________________________________________
LogAnalysis mailing list
LogAnalysis (at) loganalysis (dot) org [email concealed]
http://www.loganalysis.org/mailman/listinfo/loganalysis

[ reply ]
Re: [logs] SIM Analysis of Firewall Logs Sep 27 2007 08:41PM
David Corlette (dcorlette novell com)
Re: [logs] SIM Analysis of Firewall Logs Sep 27 2007 06:14PM
Daniel Cid (dcid ossec net)


 

Privacy Statement
Copyright 2010, SecurityFocus