more oddities in 2.0.2
Carter Bullard
carter at qosient.com
Fri Sep 14 09:24:51 EDT 2001
Hey Russell,
Hmmmm, that shouldn't happen. Do you have a single record
that generates this output, so I can check a few things?
Carter
Carter Bullard
QoSient, LLC
300 E. 56th Street, Suite 18K
New York, New York 10022
carter at qosient.com
Phone +1 212 588-9133
Fax +1 212 588-9134
http://qosient.com
> -----Original Message-----
> From: owner-argus-info at lists.andrew.cmu.edu
> [mailto:owner-argus-info at lists.andrew.cmu.edu] On Behalf Of
> Russell Fulton
> Sent: Thursday, September 13, 2001 7:00 PM
> To: argus-info at lists.andrew.cmu.edu
> Subject: more oddities in 2.0.2
>
>
> When using the -Z option on ra to display the tcp flags I am now
> regularly seeing tcp records with no flags (i.e. blank status
> field).
> Without the -Z flag these turn up as TIM records. They are now
> occurring in large enough numbers to trigger my scan alarms for some
> system (something like 2% of 'tcp and not est').
>
> This appears to be a change in behaviour with 2.0.2.
>
> What do these records represent?
>
> In the meantime I have patched watcher to ignore them.
>
> Russell Fulton, Computer and Network Security Officer
> The University of Auckland, New Zealand
>
>