more oddities in 2.0.2
Russell Fulton
r.fulton at auckland.ac.nz
Thu Sep 13 19:00:02 EDT 2001
When using the -Z option on ra to display the tcp flags I am now
regularly seeing tcp records with no flags (i.e. blank status field).
Without the -Z flag these turn up as TIM records. They are now
occurring in large enough numbers to trigger my scan alarms for some
system (something like 2% of 'tcp and not est').
This appears to be a change in behaviour with 2.0.2.
What do these records represent?
In the meantime I have patched watcher to ignore them.
Russell Fulton, Computer and Network Security Officer
The University of Auckland, New Zealand