[logs] SIM solution - Objectives ? (Firewall logging)

Marcus J. Ranum mjr at ranum.com
Wed May 30 14:21:36 PDT 2007


Dave Ellingsberg wrote:
>B.)  how do you find this host?  In an edu setting we are open and many connections come and go from all parts of the world, and we have to allow them both ways on 80.  So say from a firewall log built message how can I tell this is passwords and not normal web traffic?

What you've basically described is an environment that is not
conducive to accomplishing a great deal in the way of security.
You should, therefore, not ask for much - and expect less.

I see this reasoning a lot of the time in security. "Our premise
is that we wish to do something unsafe/stupid in an intelligent
and safe manner."

In the immortal words of HAL, "Sorry, Dave, I'm afraid I can't do that."

mjr.


