ra filter has changed behaviour ??
Russell Fulton
r.fulton at auckland.ac.nz
Tue Mar 6 18:49:42 EST 2001
Since I installed beta 9 I have been getting lots of non IP traffic
through the following filter which I use for my slow scan detector.
'icmp or frag or udp or \(tcp and \(not est\) and \(not
\(port 80 or port 113 or port 25 or port 53\)\)\)';
We clearly still have some lat terminal servers somewhere on campus as
well as all sorts of other garbage floating around.
I'll patch the job to print its filter tonight just to make quite sure
that the problem isn't here.
Cheers, Russell.
Russell Fulton, Computer and Network Security Officer
The University of Auckland, New Zealand
More information about the argus
mailing list