cahunt Agreed that the available information for the majority of malicious activities was the IP address and time of the activities. If on a network with dynamic addressing, we need current or historic data from DHCP, DNS, ARP, MAC, etc. to allocate the offending device. When we have an incident, we hope that we have all information available to us.
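The lookup described in the comment above, an IP address plus a time resolved to a device through historic DHCP data, as an added example that is not part of the original comment. The log format, addresses and the function names `build_leases` and `who_had` are constructed for illustration and do not match any particular DHCP server.

```python
from datetime import datetime, timedelta

# Constructed sample DHCP events: timestamp, event, ip, mac, lease_seconds
SAMPLE_LOG = """\
2024-03-01T08:00:00 ACK 10.0.5.23 aa:bb:cc:00:00:01 3600
2024-03-01T08:30:00 ACK 10.0.5.23 aa:bb:cc:00:00:01 3600
2024-03-01T08:45:00 RELEASE 10.0.5.23 aa:bb:cc:00:00:01 0
2024-03-01T09:10:00 ACK 10.0.5.23 aa:bb:cc:00:00:02 3600
2024-03-01T09:15:00 ACK 10.0.5.40 aa:bb:cc:00:00:03 1800
"""

def build_leases(log_text):
    """Return {ip: [[start, end, mac], ...]} in chronological order."""
    leases = {}
    for line in log_text.splitlines():
        ts, event, ip, mac, secs = line.split()
        t = datetime.fromisoformat(ts)
        spans = leases.setdefault(ip, [])
        last = spans[-1] if spans else None
        if event == "ACK":
            end = t + timedelta(seconds=int(secs))
            if last and last[2] == mac and t <= last[1]:
                last[1] = end          # renewal extends the current lease
            else:
                if last and last[1] > t:
                    last[1] = t        # a new holder cuts the old lease short
                spans.append([t, end, mac])
        elif event == "RELEASE" and last and last[2] == mac:
            last[1] = min(last[1], t)  # early release ends the lease
    return leases

def who_had(leases, ip, when):
    """MAC that held `ip` at ISO time `when`, or None if no lease covers it."""
    t = datetime.fromisoformat(when)
    for start, end, mac in leases.get(ip, []):
        if start <= t < end:
            return mac
    return None  # gap in the data: do not guess the nearest holder

if __name__ == "__main__":
    leases = build_leases(SAMPLE_LOG)
    for when in ("2024-03-01T08:40:00", "2024-03-01T08:50:00",
                 "2024-03-01T09:20:00"):
        print(when, "10.0.5.23", who_had(leases, "10.0.5.23", when))
```

The same IP resolves to two different devices within an hour, and to none in the gap between them, which is why the timestamp of the activity and the retained lease history both matter.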