argus option review
Scott A. McIntyre
scott at xs4all.nl
Fri Jan 26 06:55:09 EST 2001
Hi,

> Actually, I can't imagine using argus in anything other than
> promiscuous mode.

I'm in agreement here -- so the default of on makes sense.

> : The next is the "-P" option. This specifies the port that we will
> : listen on for remote access. You set this to 0 (zero) to turn this
> : feature off. Should we turn this on or off by default?
>
> Hmm. I seem to be zero for two. :) I think the port number should
> be off by default, for security reasons. (If a port's not on, it
> can't be exploited.)

I definitely feel this should be off, as William does. It is "one less
thing to worry about" essentially.

> I agree, but this is purely a personal preference. My logs already
> grow to 50-75M every 15 minutes, and a large increase would force
> me to buy bigger disks. Not a really good reason to justify
> something. :)

I tend to get about 12 to 15 megs per minute at the moment, growing to
nearly 10 times that amount later in the day. I need to write better
filters and learn more about how to use the flow features...till then,
I'm keeping use to a minimum.

Keeps the disks warm!

Scott