LogAnalysis
[logs] SIM Analysis of Firewall Logs Sep 27 2007 05:45PM
saudi sans (saudisans gmail com) (5 replies)
Re: [logs] SIM Analysis of Firewall Logs Sep 28 2007 06:22AM
Ajay Kumar (ajaykumar adventnet com)
Re: [logs] SIM Analysis of Firewall Logs Sep 27 2007 07:04PM
Adrian Grigorof (adi grigorof com)
Re: [logs] SIM Analysis of Firewall Logs Sep 27 2007 06:45PM
Ron Gula (rgula tenablesecurity com) (1 reply)
Re: [logs] SIM Analysis of Firewall Logs Sep 27 2007 07:53PM
Michael Kinsley (michael kinsley sensage com) (1 reply)
Re: [logs] SIM Analysis of Firewall Logs Sep 27 2007 08:44PM
Michael Kinsley (michael kinsley sensage com)
s/detections/detection/

-M
On Sep 27, 2007, at 12:53 PM, Michael Kinsley wrote:

> o might I suggest using GeoIP? One of the requests I receive fairly
> often is to identify requests either leaving the country of origin
> or going to a particular country. A quick search on CPAN for GeoIP
> should get you to the right place.
>
> If you have competitors it is also reasonable to look for inbound/
> outbound connections from/to them. Although this won't catch people
> who go out of their way to avoid detections, it's a nice metric to
> have handy... and I find most people still treat web browsing as if
> it were an anonymous activity.
>
> good luck.
>
> -Michael
>
>

_______________________________________________
LogAnalysis mailing list
LogAnalysis (at) loganalysis (dot) org [email concealed]
http://www.loganalysis.org/mailman/listinfo/loganalysis
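The two checks suggested in the quoted message (tag each firewall connection with the country of the remote address, then flag traffic that leaves the home country or touches a watched country, and match remote addresses against competitor netblocks) can be run straight over firewall log lines. The example below is added here and is not code from the thread or from any product named in it; it is Python rather than the CPAN module the post mentions, and because it has to run offline it uses a small constructed prefix-to-country table in place of a real GeoIP database (in practice you would swap `country_of` for a lookup against MaxMind or a similar source). The log lines, the internal/competitor ranges, `HOME_COUNTRY` and `WATCH_COUNTRIES` are all constructed for the example.

```python
import ipaddress
import re
from collections import Counter
from typing import Dict, List, Optional

# --- Constructed configuration (assumptions for this example) ---
HOME_COUNTRY = "US"
WATCH_COUNTRIES = {"CN"}          # countries the analyst asked to be flagged
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]

# Tiny prefix -> country table standing in for a GeoIP database.
# Documentation ranges; the country assignments are invented.
GEO_TABLE = {
    ipaddress.ip_network("198.51.100.0/24"): "US",
    ipaddress.ip_network("203.0.113.0/24"): "DE",
    ipaddress.ip_network("192.0.2.0/24"): "CN",
}

# Constructed competitor address space to match against.
COMPETITOR_NETS = {
    ipaddress.ip_network("198.51.100.64/26"): "ExampleCorp",
}

# Constructed iptables-style syslog lines (not from the original post).
SAMPLE_LOGS = """\
Sep 27 17:45:01 fw kernel: IN=eth1 OUT=eth0 SRC=10.1.2.30 DST=198.51.100.20 PROTO=TCP SPT=51234 DPT=443
Sep 27 17:45:02 fw kernel: IN=eth1 OUT=eth0 SRC=10.1.2.31 DST=203.0.113.7 PROTO=TCP SPT=51235 DPT=80
Sep 27 17:45:03 fw kernel: IN=eth0 OUT=eth1 SRC=192.0.2.99 DST=10.1.2.5 PROTO=TCP SPT=40000 DPT=22
Sep 27 17:45:04 fw kernel: IN=eth1 OUT=eth0 SRC=10.1.2.30 DST=198.51.100.77 PROTO=UDP SPT=5353 DPT=53
Sep 27 17:45:05 fw kernel: IN=eth1 OUT=eth0 SRC=10.1.2.32 DST=10.1.9.9 PROTO=TCP SPT=51236 DPT=445
"""

# Lines without a DPT (e.g. ICMP) do not match and are skipped.
LOG_RE = re.compile(r"SRC=(\S+) DST=(\S+) PROTO=(\S+)(?: SPT=\d+)? DPT=(\d+)")


def is_internal(ip: ipaddress.IPv4Address) -> bool:
    return any(ip in net for net in INTERNAL_NETS)


def country_of(ip: ipaddress.IPv4Address) -> Optional[str]:
    """Longest-prefix match against GEO_TABLE; None for internal, '??' if unknown."""
    if is_internal(ip):
        return None
    best = None
    for net, cc in GEO_TABLE.items():
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, cc)
    return best[1] if best else "??"


def competitor_of(ip: ipaddress.IPv4Address) -> Optional[str]:
    for net, name in COMPETITOR_NETS.items():
        if ip in net:
            return name
    return None


def parse_line(line: str) -> Optional[Dict]:
    """Extract the 5-tuple-ish fields, decide direction, attach geo/competitor context."""
    m = LOG_RE.search(line)
    if not m:
        return None
    src, dst = ipaddress.ip_address(m.group(1)), ipaddress.ip_address(m.group(2))
    src_int, dst_int = is_internal(src), is_internal(dst)
    if src_int and not dst_int:
        direction, remote = "outbound", dst
    elif dst_int and not src_int:
        direction, remote = "inbound", src
    else:
        direction, remote = "internal", None   # lateral traffic: no geo view
    return {
        "src": str(src), "dst": str(dst), "proto": m.group(3), "dport": int(m.group(4)),
        "direction": direction,
        "remote": str(remote) if remote else None,
        "remote_country": country_of(remote) if remote else None,
        "competitor": competitor_of(remote) if remote else None,
    }


def classify(rec: Dict) -> List[str]:
    tags = []
    cc = rec["remote_country"]
    # Unknown geo ('??') is treated as foreign on purpose: review it rather than drop it.
    if rec["direction"] == "outbound" and cc not in (None, HOME_COUNTRY):
        tags.append("egress-leaves-home-country")
    if cc in WATCH_COUNTRIES:
        tags.append(f"watched-country:{cc}")
    if rec["competitor"]:
        tags.append(f"competitor:{rec['competitor']}")
    return tags


def analyze(log_text: str) -> List[Dict]:
    out = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec:
            rec["tags"] = classify(rec)
            out.append(rec)
    return out


def findings(records: List[Dict]) -> List[Dict]:
    return [r for r in records if r["tags"]]


def country_counts(records: List[Dict]) -> Counter:
    """Per-country connection tally: the 'metric to have handy' from the post."""
    return Counter(r["remote_country"] for r in records if r["remote_country"])


if __name__ == "__main__":
    recs = analyze(SAMPLE_LOGS)
    for r in findings(recs):
        print(f"{r['src']} -> {r['dst']}:{r['dport']} {r['direction']} "
              f"[{r['remote_country']}] {', '.join(r['tags'])}")
    print(dict(country_counts(recs)))
```

Two details matter when this is done for real: direction is derived from which side of the connection is in your own address space, not from the interface names, so the same logic works for logs from firewalls that do not emit IN=/OUT=; and a remote address that the GeoIP source cannot place is flagged rather than silently treated as domestic.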

Re: [logs] SIM Analysis of Firewall Logs Sep 27 2007 06:25PM
Anton Chuvakin (anton chuvakin org) (1 reply)
Re: [logs] SIM Analysis of Firewall Logs Sep 27 2007 08:41PM
David Corlette (dcorlette novell com)
Re: [logs] SIM Analysis of Firewall Logs Sep 27 2007 06:14PM
Daniel Cid (dcid ossec net)
Copyright 2010, SecurityFocus