which is the best front web interface for me ?

modversion modversion at gmail.com
Wed Aug 4 21:16:13 EDT 2010


Thank you Carter, I will try to do something with Periscope, but could you
tell me where I can find the commercial web interface for argus?

If we cannot find a suitable web interface, we will do it ourselves for our
company, but we cannot keep it open because of the confidentiality
agreement.

In my opinion, the visualized map is not the best bet for us; we only want
to know which systems are hacked (botnet detection) and which systems are
hacking (scanning, brute-forcing, spoofing) in our company, then block the IP
with the firewall and locate the people with the smac.

All of them can be found by analysing the network behavior data
collected with argus. It is not very difficult: just count the times from the
same source address to the same destination address and port.

In the botnet detection, we will use a black list and a white list to make it
better:

1. Black list: dynamic DNS, such as 3322.org.

2. White list, such as mail server and trusted web server.

Can anybody give me some suggestions? Thanks.

 

From: Carter Bullard [mailto:carter at qosient.com] 
Sent: Wednesday, August 04, 2010 11:22 PM
To: modversion
Cc: argus-info at lists.andrew.cmu.edu
Subject: Re: [ARGUS] which is the best front web interface for me ?

 

Hey modversion,

We don't have a free web interface for argus, but some people have developed
their own web tools.  Mark Bartlett sends screenshots of his stuff
occasionally.

There's Periscope, which is a Lisp system that looks particularly cool,
there was ArgusEye, which was a good effort.  These are/were the projects
that people have talked about on the mailing list, where there is code.

I am trying to move things around so that I can do this type of project, but
it will take some time before that happens for me.  If you are interested in
doing something in this area, and want to keep it open, I can contribute.

Carter

On Aug 4, 2010, at 10:36 AM, modversion wrote:

Hi list:

I want to find the port scanner, login bruteforcer, ARP spoofer and
the botnet victim in our office network via argus. Which is the best front
web interface for me to find them out?

         Thank you very much!
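
An added example, not part of the original messages or of the argus project: the counting approach described in the reply above (flows from the same source address to the same destination address and port, with a white list), run over constructed flow records. It assumes the flows have been exported as CSV with saddr, daddr and dport columns; the addresses, thresholds and function names are hypothetical. It goes one step beyond the post by also counting distinct targets per source, which is how a scanner shows up when no single destination and port repeats.

```python
import csv
import io
from collections import Counter, defaultdict

WHITELIST = {"10.0.0.25"}  # hypothetical trusted mail server (assumption)

def build_sample():
    """Constructed flows (not real traffic) as CSV text: saddr,daddr,dport."""
    rows = ["saddr,daddr,dport"]
    rows += ["10.0.0.5,10.0.0.20,22"] * 6   # repeated logins to one SSH server
    rows += ["10.0.0.7,10.0.0.25,25"] * 6   # client talking to the mail server
    rows += [f"10.0.0.9,10.0.0.30,{p}" for p in (21, 22, 23, 25, 80, 443)]
    rows += ["10.0.0.8,10.0.0.40,80"] * 2   # ordinary web browsing
    return "\n".join(rows)

def parse_flows(text):
    """Return a list of (saddr, daddr, dport) tuples from CSV text."""
    reader = csv.DictReader(io.StringIO(text))
    return [(r["saddr"], r["daddr"], int(r["dport"])) for r in reader]

def repeated_targets(flows, threshold=5, whitelist=WHITELIST):
    """(saddr, daddr, dport) triples seen at least `threshold` times."""
    counts = Counter(f for f in flows if f[1] not in whitelist)
    return {key: n for key, n in counts.items() if n >= threshold}

def wide_fanout(flows, threshold=5, whitelist=WHITELIST):
    """Sources that touch at least `threshold` distinct (daddr, dport) pairs."""
    seen = defaultdict(set)
    for saddr, daddr, dport in flows:
        if daddr not in whitelist:
            seen[saddr].add((daddr, dport))
    return {s: len(t) for s, t in seen.items() if len(t) >= threshold}

if __name__ == "__main__":
    flows = parse_flows(build_sample())
    for (s, d, p), n in repeated_targets(flows).items():
        print(f"repeat  {s} -> {d}:{p}  {n} flows")
    for s, n in wide_fanout(flows).items():
        print(f"fan-out {s}  {n} distinct targets")
```

Without the white list, the mail client's six flows to port 25 are reported alongside the repeated SSH logins, which is the noise the white list is meant to suppress.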

 
