traffic labeling and argus-clients-3.0.2

carter at qosient.com carter at qosient.com
Tue Mar 17 08:56:35 EDT 2009


Hey Phillip,
Yes, and there is an opportunity to enhance the radium control protocol to modify the list on the fly, as well.

Right now, most ra* programs will exit if they get a SIGHUP, but we can have radium re-read all of its configurations if you send it this signal.  I'll have to do a bit of work to see if the conf changes change the source of data, security options etc, but we can do that.

Radium has a control protocol that its clients use to negotiate security capabilities, set up filters, request the type of data (file, stream) and to do overt flow control on the data stream. We could change labels on the fly using this protocol, but it will need some thought to do it right.

Carter

------Original Message------
From: Phillip Deneault
To: Carter Bullard
Cc: Argus
Subject: Re: [ARGUS] traffic labeling and argus-clients-3.0.2
Sent: Mar 17, 2009 8:35 AM

Hypothetically speaking, would it be possible to add a signal to re-read
the radium config file and the list of classifiers to be able to
dynamically add and remove labels without restarting the daemon?

Then one could dynamically label flows with things that are dynamically
evil. :-)

Phil

Carter Bullard wrote:
> In the new radium.conf configuration file is a new option,
> RADIUM_CLASSIFIER_FILE, so you can specify a label configuration.
> An example of this file can be found in ./support/Config/ralabel.conf.
> You can have any number of specific addresses, or ranges, CIDR
> formats whatever.  The labels can overlap, and when they do
> radium() adds multiple labels, with ","'s as separators.

-- 
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Phil Deneault              "We work in the dark. We do what we can.
deneault at wpi.edu                              We give what we have.
Network Security Officer 		  Our doubt is our passion,
Information Security                   and our passion is our task.
Worcester Polytechnic Institute    The rest is the madness of art."
http://www.wpi.edu/~deneault/   		      - Henry James
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-




Sent from my Verizon Wireless BlackBerry
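
The behaviour discussed in this thread (overlapping address labels joined with "," and a SIGHUP-triggered re-read) sketched as an added example; this is not code from argus or radium. The `Labeler` class and the two-column "network label" file layout are assumptions made for illustration and are not the ralabel.conf syntax.

```python
import ipaddress
import os
import signal
import tempfile

# Constructed sample entries: two overlapping ranges and one single host.
SAMPLE = "10.0.0.0/8 internal\n10.1.2.0/24 lab\n10.1.2.3 watchlist  # host entry\n"

class Labeler:
    """Address-to-label table that can be re-read while the process runs."""

    def __init__(self, path):
        self.path = path
        self.table = self._load()          # a bad file at startup fails loudly

    def _load(self):
        table = []
        with open(self.path) as fh:
            for line in fh:
                line = line.split("#", 1)[0].strip()   # drop comments
                if not line:
                    continue
                net, label = line.split()  # ValueError unless exactly 2 fields
                table.append((ipaddress.ip_network(net, strict=False), label))
        return table

    def reload(self, *_signal_args):
        """Swap in the new table only if the whole file parses."""
        try:
            self.table = self._load()
            return True
        except (OSError, ValueError):
            return False                   # keep labeling with the old table

    def label(self, addr):
        ip = ipaddress.ip_address(addr)
        # Every matching entry contributes; overlaps are joined with ",".
        return ",".join(lbl for net, lbl in self.table if ip in net)

if __name__ == "__main__":
    fd, path = tempfile.mkstemp(suffix=".conf")
    with os.fdopen(fd, "w") as fh:
        fh.write(SAMPLE)
    labeler = Labeler(path)
    signal.signal(signal.SIGHUP, labeler.reload)   # kill -HUP <pid> re-reads path
    for addr in ("10.1.2.3", "10.9.9.9", "192.0.2.1"):
        print(addr, labeler.label(addr) or "-")
```

A reload that hits an unreadable or malformed file leaves the previous table in place, so a typo in a hand-edited label list does not silently strip labels from live flow records.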

