Graph of the Week at http://qosient.com/argus
Peter Van Epp
vanepp at sfu.ca
Wed Sep 13 22:33:41 EDT 2006
<snip>
>
> I'd be interested in seeing a range of practical applications of
> argus, supported by either graphs or straight terminal output, and
> focusing on pointed, practical tasks. For example, my activities
> revolve around security monitoring and incident response, and I'm
> interested in learning more about how traffic anomalies can be
> identified by argus and how we can accomplish better network auditing
> capabilities (for example, correlating a given IDS event with "other"
> traffic flows that we see for possibly compromised hosts, or even just
> enumerating hosts and ports that the suspect has communicated with in
> the last n hours.) Also, what sort of things is argus better suited
> for in these regards compared to things like netflow and sflow or
> rmon?
>
> TIA
>
> DS
Some light reading on the subject :-)
http://www.usenix.org/publications/login/2001-11/pdfs/epp.pdf
http://www.malmedal.net/Malmedal_Master_Thesis.pdf
http://www.internet2.edu/presentations/jtvancouver/20050720-Argus-VanEpp.pdf
If anyone knows of more papers please post!
Peter Van Epp / Operations and Technical Support
Simon Fraser University, Burnaby, B.C. Canada
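As an added illustration of the two incident-response tasks the question raises (enumerating the hosts and ports a suspect host has talked to in the last n hours, and pulling the flows that surround an IDS alert), here is a small Python script that does both over flow records. It is example code written for this thread, not part of argus or its ra tools; it assumes the flows have already been exported as comma-separated lines with the six fields shown (start time, source address/port, destination address/port, protocol), and the sample records are constructed.

```python
"""Enumerate peers of a suspect host and correlate flows with an IDS event.

Added example, not argus code. Input is assumed to be a comma-separated
export of flow records with the fields:
    stime, saddr, sport, daddr, dport, proto
The field names are modelled on argus's, but the records below are
constructed so the example runs offline.
"""
from datetime import datetime, timedelta

# Constructed sample flow records (suspect host is 192.0.2.10).
SAMPLE_FLOWS = """\
2006-09-13 20:01:10,192.0.2.10,51234,198.51.100.5,80,tcp
2006-09-13 20:15:42,192.0.2.10,51250,198.51.100.7,443,tcp
2006-09-13 21:02:00,203.0.113.9,40000,192.0.2.10,22,tcp
2006-09-13 21:40:30,192.0.2.10,51300,198.51.100.5,80,tcp
2006-09-13 22:05:00,192.0.2.10,51301,198.51.100.9,6667,tcp
2006-09-13 12:00:00,192.0.2.10,51000,198.51.100.2,53,udp
"""


def parse_flows(text):
    """Parse the comma-separated export into a list of dicts."""
    flows = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        stime, saddr, sport, daddr, dport, proto = line.split(",")
        flows.append({
            "stime": datetime.strptime(stime, "%Y-%m-%d %H:%M:%S"),
            "saddr": saddr, "sport": int(sport),
            "daddr": daddr, "dport": int(dport), "proto": proto,
        })
    return flows


def flows_involving(flows, host):
    """Flows where the host is either endpoint."""
    return [f for f in flows if host in (f["saddr"], f["daddr"])]


def peers_in_window(flows, suspect, now, hours):
    """Return a set of (peer, proto, dport, direction) tuples seen with the
    suspect in the `hours` before `now`.

    The destination port is used as the service port so that ephemeral
    source ports do not inflate the list; direction is 'out' when the
    suspect initiated the flow and 'in' when the peer did.
    """
    start = now - timedelta(hours=hours)
    peers = set()
    for f in flows_involving(flows, suspect):
        if not (start <= f["stime"] <= now):
            continue
        if f["saddr"] == suspect:
            peers.add((f["daddr"], f["proto"], f["dport"], "out"))
        else:
            peers.add((f["saddr"], f["proto"], f["dport"], "in"))
    return peers


def flows_around_event(flows, suspect, event_time, minutes=30):
    """Flows involving the suspect within +/- `minutes` of an IDS alert,
    sorted by start time, so the alert can be read in context."""
    lo = event_time - timedelta(minutes=minutes)
    hi = event_time + timedelta(minutes=minutes)
    hits = [f for f in flows_involving(flows, suspect) if lo <= f["stime"] <= hi]
    return sorted(hits, key=lambda f: f["stime"])


if __name__ == "__main__":
    flows = parse_flows(SAMPLE_FLOWS)
    now = datetime(2006, 9, 13, 22, 30, 0)
    for peer in sorted(peers_in_window(flows, "192.0.2.10", now, hours=3)):
        print("peer %-14s %s/%-5d %s" % peer)
    alert = datetime(2006, 9, 13, 21, 0, 0)  # constructed IDS alert time
    for f in flows_around_event(flows, "192.0.2.10", alert):
        print(f["stime"], f["saddr"], f["sport"], "->", f["daddr"], f["dport"])
```

With real data the same two functions would run over whatever ra exported for the suspect address; the window logic and the de-duplication on (peer, protocol, service port) are the parts worth keeping.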