Hosting Provided By

Anyone else using Argus for monitoring?

From: Richard Bejtlich <richard_bejtlich(at)yahoo.com>
Date: Mon Jun 30 2003 - 10:20:10 EDT

Hello,

I've been using Argus (http://www.qosient.com/argus/) for a few months and have found it very useful for detecting activity, especially recon from a single source to a single port against my single cable modem IP.

For example, I've seen activity to ports 2, 57, and 3410 TCP recently and describe the activity (with links to more info) on my 30 Jun 03 blog entry, if anyone is interested:

http://taosecurity.blogspot.com

Is anyone else using Argus? Jed Haile gave a short presentation at CanSecWest on using Argus to monitor network flows. Russell Fulton has been doing the same thing with Argus for at least four years.

Sincerely,

Richard Bejtlich
richard at taosecurity dot com
http://taosecurity.com

Do you Yahoo!?
SBC Yahoo! DSL - Now only $29.95 per month! http://sbc.yahoo.com

Attend the Black Hat Briefings & Training, July 28 - 31 in Las Vegas, the world's premier technical IT security event! 10 tracks, 15 training sessions, 1,800 delegates from 30 nations including all of the top experts, from CSO's to "underground" security specialists. See for yourself what the buzz is about! Early-bird registration ends July 3. This event will sell out. www.blackhat.com

Received on Wed Jul 2 10:30:27 2003

This message: [ Message body ]
Next message: Brian Laing: "RE: best ids placement?"
Previous message: Daniel Berg: "snort and samhain - opinions please"
Next in thread: Anton A. Chuvakin: "Re: Anyone else using Argus for monitoring?"
Reply: Anton A. Chuvakin: "Re: Anyone else using Argus for monitoring?"
Reply: Brian Laing: "RE: best ids placement?"
Reply: Skip Carter: "Re: Anyone else using Argus for monitoring?"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:01:15 EDT

Do you need help?