[RPZ] Logging analysis and consolidation (part II)
Eric Ziegast
ziegast at isc.org
Fri Feb 17 17:43:59 UTC 2012
Consider in your analysis that some browsers might do pre-fetching
which might yield false positives on either the DNS or HTTP download
side. Just a thought.
On 2/17/12 9:24 AM, Hugo Maxwell Connery wrote:
> * all RPZ responses from DNS resolvers are logged and shipped to a database
> * all visits to the walled garden are logged and shipped to the same database
> * the analysis web site allows querying of the raw data (DNS or Walled Garden),
> or the more interesting correlated data (DNS log + Walled Garden log --> person
> visiting nasty sites, or DNS with *no* corresponding Walled Garden log --> probable
> malware activity).
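One way to implement the correlation Hugo describes (RPZ log joined with walled-garden log, DNS-only hits flagged as probable malware), as an added example that is not code from this thread or from either poster. It assumes a constructed log format (timestamp, client IP, name) and a 30-second match window; Eric's prefetch caveat is kept as a comment where it affects the verdict.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines (not taken from the thread).
# RPZ resolver log: timestamp, client IP, queried name that hit a policy zone.
DNS_LOG = """\
2012-02-17T09:00:01 192.0.2.10 bad.example
2012-02-17T09:00:02 192.0.2.11 evil.example
2012-02-17T09:00:03 192.0.2.12 bad.example
"""
# Walled-garden HTTP log: timestamp, client IP, Host header of the request.
WG_LOG = """\
2012-02-17T09:00:02 192.0.2.10 bad.example
"""


def parse(log):
    """Parse one of the constructed log formats into (time, ip, name) tuples."""
    events = []
    for line in log.splitlines():
        ts, ip, name = line.split()
        events.append((datetime.fromisoformat(ts), ip, name.lower().rstrip(".")))
    return events


def correlate(dns_log, wg_log, window=timedelta(seconds=30)):
    """Return {(ip, name): 'browser' | 'probable-malware'} for every RPZ hit."""
    visits = defaultdict(list)
    for ts, ip, name in parse(wg_log):
        visits[(ip, name)].append(ts)
    verdicts = {}
    for ts, ip, name in parse(dns_log):
        # A walled-garden visit shortly after the RPZ answer means a client
        # followed the rewritten answer, i.e. a person visiting a blocked site.
        hit = any(timedelta(0) <= (v - ts) <= window for v in visits[(ip, name)])
        # No visit within the window: something resolved the name but never
        # fetched the page. Probable malware, but (as the reply cautions) a
        # browser DNS prefetch produces exactly the same DNS-only pattern.
        verdicts[(ip, name)] = "browser" if hit else "probable-malware"
    return verdicts


def dns_only_clients(verdicts):
    """Clients whose RPZ hits never reached the walled garden: review these first."""
    return sorted({ip for (ip, _), v in verdicts.items() if v == "probable-malware"})
```

Client 192.0.2.10 is classified as a browser visit, while 192.0.2.11 and 192.0.2.12 are DNS-only and land on the review list; widen the window or add a prefetch heuristic if the false-positive rate is too high.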
More information about the DNSfirewalls mailing list