Thursday, November 15, 2007

Keep track of your ip / email

There are some things you might not want to block but just keep track of.
All the examples are HTTP proxy URL Path rules set to allow and log:

Your external ip:
*your_external_ip*

Your email domain:
*@your_domain.com*

China / Hong Kong / Russia:
*.cn*
*.hk*
*.ru*

Another idea would be to track you internal ip's with a regexe rule. To see if bot's are trying to report back to there C&C masters.