Re: WFA and network forensics
Hi JJ,
>
> I'm not sure if this is the right place for this, but I'm giving it a shot anyway.
I'm glad at least your question got through the moderator's scrutiny;
perhaps mine won't.
Not sure whether this is something you want to cope with, since you risk
getting loads of false negatives. E.g. go anywhere these days where you
can download free pr0n: if you've got an account with plenty of free
webspace available, you may get yourself a free subscription by just
making your webspace available. Good for you and me, but for
categorization this may mean you're getting 1 line for e.g.
www.sexparty.tv - perhaps the user was tricked into this? - followed by a
series of users.skynet.be/~somebody/1.mpg etc. files.
It of course all depends upon the number of lines you're analysing, but
even on relatively small sites (like the one I've been doing till the end
of last year) you may have several millions of objects per day (lines). If
you can correctly categorize a small amount of it, perfect...
Suggestion: google for "Fabrice Prigent squidguard" and you'll find some
hints.
kr
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
Received on Wed Jul 30 20:11:53 2003
This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:01:44 EDT