Status of Argus?
Chas DiFatta
chas at difatta.org
Sat Aug 16 18:37:08 EDT 2003
Mark,
I think I see the overall problem.
Some history and forensics:
Initially when Carter and I left the SEI in 94-95, the official
Argus 1.5 distribution site was ftp.sei.cmu.edu and at ftp.cert.org.
Then you left the SEI in 98 and offered to keep the distribution
at ftp.sei.cmu.edu. You moved 1.5 to ftp.andrew.cmu.edu and but a
README at ftp.sei.cmu.edu and ftp.cert.org stating,
All releases of Argus have been moved to
ftp://ftp.andrew.cmu.edu/pub/argus/
which still exists at the SEI. There is also a dead link
there as well,
ftp.sei.cmu.edu/pub/argus-1.5
FYI, on ftp.cert.org, there is not any mention of Argus at this time.
When Carter launched 1.8, ftp.andrew.cmu.edu was still the
main distribution point. When he launched 2.0, www.qosient.com
become the distribution point, and ftp.andrew.cmu.edu was trying
to keep in sync with source.
The state of ftp.andrew.cmu.edu now is that it still has the 2.0.4
source.
Suggested plan of attack a.s.a.p.:
1. On both,
ftp.andrew.cmu.edu/argus
ftp.sei.cmu.edu
put a README that says the official distribution has
been moved to www.qosient.com/argus, that the mailing
list is argus-info at lists.andrew.cmu.edu and describe
now to subscribe to the list. Carter may wish to wordsmith
this.
2. Tell rek to remove the bad link ftp.sei.cmu.edu/pub/argus-1.5
3. Remove all code and directories on ftp.andrew.cmu.edu/argus
except the new README.
This now makes all past paths to Argus consistent and gives
Carter total control to make www.qosient.com/argus the focal
point for the introduction, primers, dists or whatever. Looking
at www.qosient.com/argus, Carter should update the latest news
section since it only points to Jan 01 13:15:00 EST 2003, and
if someone could provie an Web version of the mailling list
that he could point to, it could really help.
...Chas
>-----Original Message-----
>From: owner-argus-info at lists.andrew.cmu.edu
>[mailto:owner-argus-info at lists.andrew.cmu.edu]On Behalf Of Mark Poepping
>Sent: Friday, August 15, 2003 10:38 AM
>To: argus-info at lists.andrew.cmu.edu
>Subject: RE: Status of Argus?
>
>
>
>by the way, some of this perception is probably my fault. I'd thought I'd
>pulled the old versions and pointed to www.qosient.com/argus, but I just
>realized that I still have a copy of 2.0.4 on ftp.andrew.cmu.edu/argus.. I
>guess I'll chat with Carter to see what best to do here..
>mark.
>
>> -----Original Message-----
>> From: owner-argus-info at lists.andrew.cmu.edu [mailto:owner-argus-
>> info at lists.andrew.cmu.edu] On Behalf Of Richard Bejtlich
>> Sent: Friday, August 15, 2003 11:18 AM
>> To: argus-info at lists.andrew.cmu.edu
>> Subject: Status of Argus?
>>
>> Hello,
>>
>> I'm a big Argus fan. Recently I attended USENIX
>> Security in DC and mentioned Argus during a talk on
>> IDS by Marcus Ranum. Several members of the audience
>> responded negatively saying Argus was "old code" that
>> wasn't maintained. Others complained the qosient.com
>> site looked like it was not being updated, and
>> questioned the viability and existence of a commercial
>> Argus product.
>>
>> Is there anything that can be done to change these
>> people's perceptions? What is the status of the
>> commercial Argus project?
>>
>> Thank you,
>>
>> Richard Bejtlich
>> http://taosecurity.com
>> richard at taosecurity dot com
>>
>> __________________________________
>> Do you Yahoo!?
>> Yahoo! SiteBuilder - Free, easy-to-use web site design software
>> http://sitebuilder.yahoo.com
>
>
>
>
More information about the argus
mailing list