[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [SAGE] Internet History tool

To: Rodrick Brown <rodrick.brown@gmail.com>
Subject: Re: [SAGE] Internet History tool
From: Lyndon Nerenberg <lyndon@orthanc.ca>
Date: Fri, 5 Jan 2007 19:25:57 -0800
Cc: "Aaron Bridge" <a.bridge@insightbb.com>, sage-members@sage.org
In-Reply-To: <bb075cdf0701051912t304cf34dk372952d14e55daf9@mail.gmail.com>
References: <459EDC88.7070706@insightbb.com> <bb075cdf0701051912t304cf34dk372952d14e55daf9@mail.gmail.com>
Sender: owner-sage-members@usenix.org

> Just setup a transparent Proxy of some sort possibly squid then parse
> the squid access logs.

Or a snort rule, if you can coerce all the traffic through a Unix- 
based border router.

The problem with these solutions is they can't log SSL-protected  
traffic (other than the destination end point network address and  
port).  And if the client can strike any form of encrypted tunnel,  
you won't even get that.

--lyndon

References:
- [SAGE] Internet History tool
  - From: Aaron Bridge <a.bridge@insightbb.com>
- Re: [SAGE] Internet History tool
  - From: "Rodrick Brown" <rodrick.brown@gmail.com>

Prev by Date: Re: [SAGE] Internet History tool
Next by Date: Re: [SAGE] Internet History tool
Prev by thread: Re: [SAGE] Internet History tool
Next by thread: Re: [SAGE] Internet History tool
Index(es):
- Date
- Thread