Feature Requests item #1519726, was opened at 2006-07-09 23:35
Message generated for change (Comment added) made by dayne
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=725142&aid=1519726&group_id=132104
Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update.
Category: Interface Improvements (example)
Group: None
Status: Open
Priority: 5
Submitted By: Code_Slave (code_slave)
Assigned to: Nobody/Anonymous (nobody)
Summary: proxy logs virtually useless
Initial Comment:
Can we please add the option on the firewall to log the NIC of the computer connecting from the "safe zone"?
The proxy log is useless if you have a DHCP server that allocates an IP address from a pool.
In fact, any data recorded by the firewall that relies on a floating IP address is useless.
I don't see the point in allowing a user to set up a proxy server for web access that allows the NIC address to be used/blocked, but then all the logging is attached to a random IP address.
----------------------------------------------------------------------
Comment By: Dayne Lucas (dayne)
Date: 2006-07-30 09:20
Message:
Logged In: YES
user_id=1391124
Another option, if you have non-technical managers, would be to use proxy authentication, where the users are authenticated with LDAP or RADIUS. That way you have an easier-to-understand format (the username) rather than an IP and MAC address. Then non-technical managers can reference the username in the proxy log, which is far more people-friendly than a number... a.k.a. the very reason why DNS was developed.
Best regards,
Dayne
----------------------------------------------------------------------
Comment By: Dayne Lucas (dayne)
Date: 2006-07-30 08:44
Message:
Logged In: YES
user_id=1391124
Quite frankly your argument is moot. What is the difference between using time as a reference for lookup and a MAC address? Even if you had a pool of 200 IP addresses, with an update frequency of an hour, 9 times out of 10 the client is going to request the same IP address from the DHCP server, and the server will assign the same IP. Even if you get the MAC you are still going to reference the DHCP log, which can be made available quite easily, and searched quite easily too. Just reference the time in the log with the IP listed; it's that simple, and you don't need a supercomputer for that. If you have your network synchronised with an NTP server, time is a better point of reference with your DHCP logs than a MAC address that can be spoofed.
Best regards,
Dayne
----------------------------------------------------------------------
Comment By: Code_Slave (code_slave)
Date: 2006-07-29 03:16
Message:
Logged In: YES
user_id=413743
Dayne, thanks for your valuable input.
Note that this is a feature request, FOR INTERNALLY ALLOCATED DHCP ADDRESSES.
If your answer is always going to be, "such and such does this and that, so that makes it O.K.", then don't expect the product to improve.
What you say is basically moot when the clients are using "Dynamic DHCP" from a pool of 200, renewing once an hour. Perhaps you also think that it is OK to crack open 50 tools to link and cross-check the information; possibly we could upload it to an Oracle database, and then use a Cray to index it.
Adding in the NIC address goes a long way to solving most of these problems, for internal DHCP.
At the end of the day, when you have 200 branch shops, all you need is a quick way for the managers to be able to check what their users are doing; they do not have the time to start screwing about with nmap & other tools, esp. when they are NOT system admins.
----------------------------------------------------------------------
Comment By: Dayne Lucas (dayne)
Date: 2006-07-23 07:45
Message:
Logged In: YES
user_id=1391124
Most firewalls only log the IP of the client; Astaro, Fortinet and SonicWall all log the IP and not the MAC, because a MAC address can be spoofed more easily than an IP. In the log you have the time and date plus IP address; all you need to do is cross-reference that with your DHCP log and you will have the node. A firewall is not the be-all and end-all, you have to do some investigating yourself.
Best regards,
Dayne
----------------------------------------------------------------------
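The time-based cross-reference of proxy log entries against DHCP lease logs that Dayne describes in his 2006-07-23 and 2006-07-30 08:44 comments, written out as an added example (not code from the tracker thread or from the firewall project). Both log formats and all sample lines are constructed assumptions; it also shows the lease-boundary case where the same IP changes hands within the day, and an IP with no lease at all.

```python
from datetime import datetime, timedelta

# Constructed sample data (not from the tracker thread). Assumed formats:
#   proxy line: "YYYY-MM-DD HH:MM:SS client_ip url"
#   DHCP line:  "YYYY-MM-DD HH:MM:SS DHCPACK ip mac hostname lease_seconds"
PROXY_LOG = """\
2006-07-29 09:15:02 192.168.1.50 http://example.com/a
2006-07-29 10:30:45 192.168.1.50 http://example.net/b
2006-07-29 11:02:10 192.168.1.50 http://example.org/c
2006-07-29 13:00:00 192.168.1.77 http://example.org/d
"""
DHCP_LOG = """\
2006-07-29 09:00:00 DHCPACK 192.168.1.50 00:11:22:33:44:55 shop-pc-1 3600
2006-07-29 10:00:00 DHCPACK 192.168.1.50 00:11:22:33:44:55 shop-pc-1 3600
2006-07-29 11:00:00 DHCPACK 192.168.1.50 66:77:88:99:aa:bb visitor-laptop 3600
"""

def _ts(date, time):
    return datetime.strptime(f"{date} {time}", "%Y-%m-%d %H:%M:%S")

def parse_leases(dhcp_log):
    """Turn DHCPACK lines into (start, end, ip, mac, hostname) lease records."""
    leases = []
    for line in dhcp_log.splitlines():
        date, time, msg, ip, mac, host, secs = line.split()
        if msg != "DHCPACK":
            continue
        start = _ts(date, time)
        leases.append((start, start + timedelta(seconds=int(secs)), ip, mac, host))
    return leases

def lease_at(leases, ip, when):
    """Return the lease that covered `ip` at `when`, or None if none did.
    The most recent ACK wins when leases overlap (a renewal supersedes the prior ACK).
    Both logs must share a clock (NTP), otherwise this join silently misattributes."""
    active = [l for l in leases if l[2] == ip and l[0] <= when < l[1]]
    return max(active, key=lambda l: l[0]) if active else None

def attribute(proxy_log, dhcp_log):
    """Join each proxy entry to the (mac, hostname) that held its IP at that moment."""
    leases = parse_leases(dhcp_log)
    rows = []
    for line in proxy_log.splitlines():
        date, time, ip, url = line.split()
        hit = lease_at(leases, ip, _ts(date, time))
        rows.append((line, hit[3] if hit else None, hit[4] if hit else "UNATTRIBUTED"))
    return rows
```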
_______________________________________________
Efw-devel mailing list
Efw-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/efw-devel