lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
From: salgatt at turtleshell.net (Scott M. Algatt)
Subject: Recommendations for a Passive Web Content
 Monitoring solution?

I know that Snort can sniff ICQ sessions.  I believe that the AIM rules do
it.  I have seen several communications between our users doing ICQ until
we blocked access to the ICQ server they were using.


Regards,

Scott M. Algatt

Behold the turtle. He makes progress only when he sticks his neck out.

On Thu, 10 Apr 2003, Andre Luis Quintaes Guimaraes wrote:

> One way to do it is to use squid running in transparent proxy mode (http
> accelerator in its configuration) and using the firewall to forward the
> packets to the transparent proxy. Although I would recommend setting up a
> normal proxy and configuring on your client machines.
> Then you could use one of the many squid log analyzers (even webtrends
> supports it) and get your reports.
> You would also gain navigation and save bandwidth by using a proxy. You can
> also configure it to not cache anything, just log.
>
> Btw, Im looking for a icq sniffer, I found one but its server (the packet
> analyzer and rtf decoder) was a windows delphi binary... Does anybody knows
> about one that runs on freebsd?
> ----- Original Message -----
> From: "Nick Jacobsen" <nick@...icsdesign.com>
> To: <full-disclosure@...ts.netsys.com>
> Sent: Thursday, April 10, 2003 3:28 PM
> Subject: Re: [Full-Disclosure] Recommendations for a Passive Web Content
> Monitoring solution?
>
>
> > Maybe I was not specific enough.  When I said "Web Content Monitoring" I
> was
> > refering to monitoring the web site usage by employees during business
> > hours.  I am not specifically looking for something that would trace it
> back
> > to the employee, just something to give my client a good overview of most
> > the surfing.  I have seen the commercial solutions, such as silentrunner,
> > and websweeper, but those are targeted more toward stoping the viewing of
> > web sites, not just monitoring, plus, of course, they cost :)  Also, as I
> > said in my origian post, I realize I could implement this myself, but
> again,
> > I would rather not re-invent the wheel.
> >
> > Sorry if my original post was unclear
> >
> > Nick
> >
> > ----- Original Message -----
> > From: "Ed Carp" <erc@...ox.com>
> > To: "KF" <dotslash@...soft.com>; "Nick Jacobsen" <nick@...icsdesign.com>
> > Cc: <full-disclosure@...ts.netsys.com>
> > Sent: Thursday, April 10, 2003 9:47 AM
> > Subject: RE: [Full-Disclosure] Recommendations for a Passive Web Content
> > Monitoring solution?
> >
> >
> > > Overkill.  Why not use squid, which is included with every Linux system?
> > >
> > > > -----Original Message-----
> > > > From: full-disclosure-admin@...ts.netsys.com
> > > > [mailto:full-disclosure-admin@...ts.netsys.com]On Behalf Of KF
> > > > Sent: Thursday, April 10, 2003 5:12 AM
> > > > To: Nick Jacobsen
> > > > Cc: full-disclosure@...ts.netsys.com
> > > > Subject: Re: [Full-Disclosure] Recommendations for a Passive Web
> Content
> > > > Monitoring solution?
> > > >
> > > >
> > > > Snort?
> > > >
> > > > http://www.snort.org/cgi-bin/sigs-search.cgi?sid=porn
> > > >
> > > > -KF
> > > >
> > > >
> > > > Nick Jacobsen wrote:
> > > >
> > > > >Not sure that this is an exactly suitable topic, but anything
> > > > seems to go,
> > > > >so...
> > > > >
> > > > >I am trying to find an open source (read free) PASSIVE web content
> > > > >monitoring solution.  We are looking for something that can be put on
> a
> > > > >network, and using promiscuous mode, capture and analyze web
> > > > traffic, etc...
> > > > >We would obviously place this in such a way that all network
> > > > traffic would
> > > > >pass by it.  Any suggestions would be welcome, though again, I am
> > looking
> > > > >for something specifically designed to do this, as I know I could
> > modify
> > > > >existing tools myself...
> > > > >
> > > > >Nick
> > > > >
> > > > >_______________________________________________
> > > > >Full-Disclosure - We believe in it.
> > > > >Charter: http://lists.netsys.com/full-disclosure-charter.html
> > > > >
> > > > >
> > > > >
> > > >
> > > >
> > > > _______________________________________________
> > > > Full-Disclosure - We believe in it.
> > > > Charter: http://lists.netsys.com/full-disclosure-charter.html
> > > >
> > >
> >
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.netsys.com/full-disclosure-charter.html
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
>
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ