Are we archiving the list? (and argus 2.0)
dbrumley at rtfm.stanford.edu
Tue Jun 13 22:27:34 EDT 2000
The mailing list is archived at
On Tue, 13 Jun 2000, Peter Van Epp wrote:
> I managed to delete Carter's message this morning before reading it.
> Do I remember someone starting an archive of the list? If so would someone
> supply a pointer to the archive and/or forward me a copy of Carter's message?
> To make this not a completely useless post, I've thought of another
> 2.0 requirement (although it isn't really argus): we need to modify the bpf
> filter to return the entire IP header (rather than a fixed length). As it
> stands should I want to avoid being caught by argus while doing something
> undesirable, I fill my headers with options to overflow the input buffer before
> the interesting headers are appended.
> I have also been playing with tcpreplay from
> http://www.anzen.com/research/nidsbench to provide reproducible, variable rate
> traffic streams to argus. For instance my 386 at home can capture up to about
> 4 megabits per second before it starts losing packets (and that looks to be
> bpf/the kernel not argus). When I have done some more poking I'll report
> further, but it looks like an excellent tool for testing network gear in
> general and IDSs in particular.
> Peter Van Epp / Operations and Technical Support
> Simon Fraser University, Burnaby, B.C. Canada
David Brumley - Stanford Computer Security - dbrumley at Stanford.EDU
Phone: +1-650-723-2445 WWW: http://www.stanford.edu/~dbrumley
Fax: +1-650-725-9121 PGP: finger dbrumley-pgp at sunset.Stanford.EDU
Securing NT. Insert Linux boot disk to continue......
"I have opinions, my employer does not."
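
The capture-length problem raised in the quoted message (IP options pushing the transport header past a fixed-length capture), seen from the monitor's side as an added example that is not part of the original thread or of argus: the check reads the IPv4 IHL field and reports whether a capture of `caplen` bytes still reaches the transport header, and how many bytes would have been needed. The function names and the 40-byte capture length are assumptions for illustration, and the packets are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum cap_status { CAP_OK, CAP_NOT_IPV4, CAP_BAD_IHL, CAP_IP_TRUNCATED, CAP_L4_TRUNCATED };

/* buf holds caplen captured bytes starting at the IPv4 header. *need gets the
 * capture length required to reach the end of the fixed transport header. */
enum cap_status check_capture(const uint8_t *buf, size_t caplen, size_t *need)
{
    *need = 0;
    if (caplen < 1 || (buf[0] >> 4) != 4)
        return CAP_NOT_IPV4;
    size_t ihl = (size_t)(buf[0] & 0x0f) * 4;       /* 20..60 bytes with options */
    if (ihl < 20)
        return CAP_BAD_IHL;
    *need = ihl;
    if (caplen < 20)
        return CAP_IP_TRUNCATED;                    /* protocol field not captured */
    unsigned frag_off = ((buf[6] & 0x1fu) << 8) | buf[7];
    if (frag_off == 0)                              /* only a first fragment carries L4 */
        *need += buf[9] == 6 ? 20 : buf[9] == 17 ? 8 : 0;   /* TCP, UDP, other */
    if (caplen < ihl)
        return CAP_IP_TRUNCATED;                    /* options run past the capture */
    return caplen < *need ? CAP_L4_TRUNCATED : CAP_OK;
}

/* Constructed sample: a zeroed TCP/IPv4 packet with the given header length. */
enum cap_status demo_status(unsigned ihl_words, size_t caplen, size_t *need)
{
    uint8_t pkt[80];
    memset(pkt, 0, sizeof pkt);
    pkt[0] = (uint8_t)(0x40 | (ihl_words & 0x0f));  /* version 4, IHL in words */
    pkt[9] = 6;                                     /* protocol = TCP */
    return check_capture(pkt, caplen, need);
}

int main(void)
{
    size_t need;
    for (unsigned w = 5; w <= 15; w += 5) {         /* 20, 40 and 60 byte IP headers */
        enum cap_status s = demo_status(w, 40, &need);  /* 40 = assumed fixed snaplen */
        printf("ip_hdr=%u status=%d need=%zu\n", w * 4, (int)s, need);
    }
    return 0;
}
```

A monitor can count the two truncated statuses per source as a signal that its fixed capture length is being outrun by header options.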