Argus-info Digest, Vol 15, Issue 15
Carter Bullard
carter at qosient.com
Fri Nov 17 13:43:24 EST 2006
Hmmm, no specific SCTP support, although we will track it as a
distinct protocol, and
give you the standard stats on it. I have some real headache issues
with SCTP,
especially since IPFIX requires it. As a result, I have not
included SCTP as a transport
strategy for argus, primarily because there is no rational
justification for it, as so few
systems support SCTP out of the box. No manpage for sctp on my MAC
OS X, RH linux,
Fedora, windoze, or any of the IRIX or Solaris machines I have access
to. Until firewalls
have some form of stateful access control for sctp, it probably won't
get off the ground in
any meaningful way. Many universities now explicitly block SCTP,
and many US Gov't
sites are starting to block it, as it is seen as firewall bypass
technology.
I know every IETF'r in the world thinks SCTP is important, but, you
know, I haven't
seen a single SCTP flow yet.
I also use the FedoraForum.org issues with SCTP boards as an
indication of SCTP use and
maturity. Currently there are still several "send a single SCTP
packet to a Fedora host
and watch it blow up" issues. Argus will report the existence of
these packets correctly
now, so, maybe we don't have to do much to still provide a good audit
for sctp.
Carter
On Nov 14, 2006, at 10:17 PM, CS Lee wrote:
> Carter,
>
> I never know about rashito(), it is newly developed in argus 3.0?
> Graph of the Week is pretty interesting to me. I have another
> question - is sctp supported by argus?
>
> Thanks.
>
> On 11/15/06, argus-info-request at lists.andrew.cmu.edu < argus-info-
> request at lists.andrew.cmu.edu> wrote:
> Send Argus-info mailing list submissions to
> argus-info at lists.andrew.cmu.edu
>
> To subscribe or unsubscribe via the World Wide Web, visit
> https://lists.andrew.cmu.edu/mailman/listinfo/argus-info
> or, via email, send a message with subject or body 'help' to
> argus-info-request at lists.andrew.cmu.edu
>
> You can reach the person managing the list at
> argus-info-owner at lists.andrew.cmu.edu
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of Argus-info digest..."
>
>
> Today's Topics:
>
> 1. Arp transaction completion bug? (carter at qosient.com)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Tue, 14 Nov 2006 13:51:38 +0000
> From: carter at qosient.com
> Subject: [ARGUS] Arp transaction completion bug?
> To: "Argus" < argus-info at lists.andrew.cmu.edu>
> Message-ID:
> <1536281440-1163512393-cardhu_blackberry.rim.net-1681069969-
> @bwe032-cell00.bisx.prod.on.blackberry >
>
> Content-Type: text/plain
>
> Gentle people,
> I found a bug in arp processing, so I'll update the code, hopefully
> later tonight, tomorrow. Any reactions to the graph of the week?
>
> Carter
>
>
> Carter Bullard
> QoSient LLC
> 150 E. 57th Street Suite 12D
> New York, New York 10022
> +1 212 588-9133 Phone
> +1 212 588-9134 Fax
>
>
> ------------------------------
>
> _______________________________________________
> Argus-info mailing list
> Argus-info at lists.andrew.cmu.edu
> https://lists.andrew.cmu.edu/mailman/listinfo/argus-info
>
>
> End of Argus-info Digest, Vol 15, Issue 15
> ******************************************
>
>
>
> --
> Best Regards,
>
> CS Lee<geekooL[at]gmail.com>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20061117/5a862880/attachment.html>
More information about the argus
mailing list