IDS mailing list archives

Anyone else using Argus for monitoring?


From: Richard Bejtlich <richard_bejtlich () yahoo com>
Date: Mon, 30 Jun 2003 07:20:10 -0700 (PDT)

Hello,

I've been using Argus (http://www.qosient.com/argus/)
for a few months and have found it very useful for
detecting activity, especially recon from a single
source to a single port against my single cable modem
IP.  

For example, I've seen activity to ports 2, 57, and
3410 TCP recently and describe the activity (with
links to more info) on my 30 Jun 03 blog entry, if
anyone is interested:

http://taosecurity.blogspot.com

Is anyone else using Argus?  Jed Haile gave a short
presentation at CanSecWest on using Argus to monitor
network flows. Russell Fulton has been doing the same
thing with Argus for at least four years.

Sincerely,

Richard Bejtlich
richard at taosecurity dot com
http://taosecurity.com



