IDS mailing list archives

Re: Anyone else using Argus for monitoring?

From: Skip Carter <skip () taygeta com>
Date: Wed, 02 Jul 2003 10:58:17 -0700

I've been using Argus (http://www.qosient.com/argus/)
for a few months and have found it very useful for
detecting activity, especially recon from a single
source to a single port against my single cable modem
IP.


We use Argus here along with Snort and other tools.
It can be useful, but we have found the analysis tools
somewhat limited when dealing with large or multiple networks
(e.g. it can be hard to pick out an important event/pattern
in a busy network).

I am currently writing some backend processing tools for Argus
in order to try to make it easier to digest the results and to
correlate what it sees with what other security sensors are seeing.



Skip



-- 
 Dr. Everett (Skip) Carter      Phone: 831-641-0645 FAX:  831-641-0647
 Taygeta Scientific Inc.        INTERNET: skip () taygeta com
 1340 Munras Ave., Suite 314    WWW: http://www.taygeta.com
 Monterey, CA. 93940            












-------------------------------------------------------------------------------
Attend the Black Hat Briefings & Training, July 28 - 31 in Las Vegas, the 
world's premier technical IT security event! 10 tracks, 15 training sessions, 
1,800 delegates from 30 nations including all of the top experts, from CSO's to 
"underground" security specialists.  See for yourself what the buzz is about!  
Early-bird registration ends July 3.  This event will sell out. www.blackhat.com
-------------------------------------------------------------------------------

Current thread:

Anyone else using Argus for monitoring? Richard Bejtlich (Jul 02)
- Re: Anyone else using Argus for monitoring? Skip Carter (Jul 02)
- Re: Anyone else using Argus for monitoring? Anton A. Chuvakin (Jul 02)