Traffic Profiling
Andrew Thompson
andrew at hijacked.us
Sun Feb 4 19:50:03 EST 2007

Hi all, new to the list but this is relevant to what we're doing with
Argus at work...

On Thu, Feb 01, 2007 at 11:29:15AM -0700, twebster at blackhillscorp.com wrote:
> 1. Knowing that others have used Argus to profile networks, what methods
> work? Did you develop any scripts to automate the process?

We've documented how we're doing this at work here:
http://wtf.hijacked.us/wiki/index.php/Argus . We're in the process of
replacing an ancient Cisco PIX with a pf firewall. Currently we have a
machine set up as a bridging firewall behind the PIX where we can watch
session data and gradually build a ruleset as well as a 'whitelist' of
legitimate traffic we don't really care to see in our monitoring.

Andrew