Argus - Anomaly Detection

CS Lee geek00l at gmail.com
Sat Sep 23 11:08:09 EDT 2006


Hi all,

Does argus include ipid and seq numbers in its flow data as well? I had
seen some neat code using the tcp header and ip header for covert
channels. Or has anyone done this kind of detection using argus and
would like to share about it, such as building a profile of a certain OS
based on its IPID and Seq Num implementation to detect abnormal
traffic? It would be good to share, since this kind of traffic can't
be detected via payloads but header-wise.


Cheers.

-- 
Best Regards,

CS Lee<geekooL[at]gmail.com>