Anyone else using Argus for monitoring?

From: Richard Bejtlich (richard_bejtlich_at_yahoo.com)
Date: 06/30/03

    Date: Mon, 30 Jun 2003 07:20:10 -0700 (PDT)
    To: focus-ids@securityfocus.com
    
    

    Hello,

    I've been using Argus (http://www.qosient.com/argus/)
    for a few months and have found it very useful for
    detecting activity, especially recon from a single
    source to a single port against my single cable modem
    IP.

    For example, I've seen activity to ports 2, 57, and
    3410 TCP recently and describe the activity (with
    links to more info) on my 30 Jun 03 blog entry, if
    anyone is interested:

    http://taosecurity.blogspot.com

    Is anyone else using Argus? Jed Haile gave a short
    presentation at CanSecWest on using Argus to monitor
    network flows. Russell Fulton has been doing the same
    thing with Argus for at least four years.

    Sincerely,

    Richard Bejtlich
    richard at taosecurity dot com
    http://taosecurity.com
