IDS mailing list archives
Re: Anyone else using Argus for monitoring?
From: Skip Carter <skip () taygeta com>
Date: Wed, 02 Jul 2003 10:58:17 -0700
I've been using Argus (http://www.qosient.com/argus/) for a few months and have found it very useful for detecting activity, especially recon from a single source to a single port against my single cable modem IP.
We use Argus here along with Snort and other tools. It can be useful, but we have found the analysis tools somewhat limited when dealing with large or multiple networks (e.g. it can be hard to pick out an important event/pattern in a busy network). I am currently writing some backend processing tools for Argus in order to try to make it easier to digest the results and to correlate what it sees with what other security sensors are seeing.

Skip

--
Dr. Everett (Skip) Carter
Taygeta Scientific Inc.
1340 Munras Ave., Suite 314
Monterey, CA. 93940
Phone: 831-641-0645 FAX: 831-641-0647
INTERNET: skip () taygeta com
WWW: http://www.taygeta.com
Current thread:
- Anyone else using Argus for monitoring? Richard Bejtlich (Jul 02)
- Re: Anyone else using Argus for monitoring? Skip Carter (Jul 02)
- Re: Anyone else using Argus for monitoring? Anton A. Chuvakin (Jul 02)