IDS mailing list archives
Anyone else using Argus for monitoring?
From: Richard Bejtlich <richard_bejtlich () yahoo com>
Date: Mon, 30 Jun 2003 07:20:10 -0700 (PDT)
Hello,

I've been using Argus (http://www.qosient.com/argus/) for a few months and have found it very useful for detecting activity, especially recon from a single source to a single port against my single cable modem IP. For example, I've seen activity to ports 2, 57, and 3410 TCP recently and describe the activity (with links to more info) on my 30 Jun 03 blog entry, if anyone is interested:

http://taosecurity.blogspot.com

Is anyone else using Argus? Jed Haile gave a short presentation at CanSecWest on using Argus to monitor network flows. Russell Fulton has been doing the same thing with Argus for at least four years.

Sincerely,

Richard Bejtlich
richard at taosecurity dot com
http://taosecurity.com
Current thread:
- Anyone else using Argus for monitoring? Richard Bejtlich (Jul 02)
- Re: Anyone else using Argus for monitoring? Skip Carter (Jul 02)
- Re: Anyone else using Argus for monitoring? Anton A. Chuvakin (Jul 02)