creating missing manpages for ra* clients
carter at qosient.com
Mon Sep 13 08:47:55 EDT 2010
I wholeheartedly endorse this message.
Almost always means I need to write a manpage though.
Sorry about getting so busy on paid work. Hopefully will have more time in Oct.
Carter
Sent from my Verizon Wireless BlackBerry
-----Original Message-----
From: George Jones <fooologist at gmail.com>
Sender: argus-info-bounces+carter=qosient.com at lists.andrew.cmu.edu
Date: Mon, 13 Sep 2010 08:22:45
To: Mike Tancsa<mike at sentex.ca>
Cc: <argus-info at lists.andrew.cmu.edu>
Subject: [ARGUS] creating missing manpages for ra* clients
Here's a documentation project if anybody's up for it: troll Carter's posts
on the list, look at the source code and at least stub out man pages for the
ra* tools that currently lack them, perhaps with hyperlinks back to
the relevant mailing list threads
----George Jones
~/rebuild/argus-clients-3.0.3.17/bin> foreach i (ra*)
foreach? man $i > man/$i.man
foreach? end
No manual entry for raconvert
See 'man 7 undocumented' for help when manual pages are not available.
No manual entry for radark
See 'man 7 undocumented' for help when manual pages are not available.
No manual entry for radump
See 'man 7 undocumented' for help when manual pages are not available.
No manual entry for rafilteraddr
See 'man 7 undocumented' for help when manual pages are not available.
No manual entry for rahosts
See 'man 7 undocumented' for help when manual pages are not available.
No manual entry for ralabel
See 'man 7 undocumented' for help when manual pages are not available.
No manual entry for rapolicy
See 'man 7 undocumented' for help when manual pages are not available.
No manual entry for raports
See 'man 7 undocumented' for help when manual pages are not available.
No manual entry for raservices
See 'man 7 undocumented' for help when manual pages are not available.
No manual entry for rasql
See 'man 7 undocumented' for help when manual pages are not available.
No manual entry for rasqlinsert
See 'man 7 undocumented' for help when manual pages are not available.
No manual entry for rasqltimeindex
See 'man 7 undocumented' for help when manual pages are not available.
No manual entry for ratemplate
See 'man 7 undocumented' for help when manual pages are not available.
No manual entry for ratimerange
See 'man 7 undocumented' for help when manual pages are not available.
No manual entry for ratree
See 'man 7 undocumented' for help when manual pages are not available.
No manual entry for rauserdata
See 'man 7 undocumented' for help when manual pages are not available.
On Fri, Sep 10, 2010 at 9:02 AM, Mike Tancsa <mike at sentex.ca> wrote:
> At 03:16 PM 9/9/2010, carter at qosient.com wrote:
>
>> Hey Mark,
>> Take a look at the rahosts() perl script. It will report on the number of
>> hosts, hosts attempt to access. It is the simplest of tools to report simple
>> scanning behavior.
>>
>> radark() is also a good script for dealing with scan detection, but it is
>> trying to discover scanning at a very low level of activity, which are below
>> the thresholds you mention. Maybe overkill.
>>
>
>
> Thanks Carter, these look like great tools! I noticed there is no man page
> for them?
>
> ---Mike
>
>
>
>> Give these a try and send email if they were helpful at all, and if they
>> sucked for what you want to do.
>>
>> Carter
>> Sent from my Verizon Wireless BlackBerry
>>
>> -----Original Message-----
>> From: Mike Tancsa <mike at sentex.ca>
>> Sender: argus-info-bounces+carter=qosient.com at lists.andrew.cmu.edu
>> Date: Thu, 09 Sep 2010 10:14:22
>> To: <argus-info at lists.andrew.cmu.edu>
>> Subject: [ARGUS] looking for scanners and other "bad" activity
>>
>> Hi,
>> I am hoping to use my argus data for some real time threat
>> analysis looking for hosts scanning inside my network either
>> individual hosts or ports on a host. In general, the questions I
>> want to answer are like
>>
>> What external IP addresses have hit > n hosts on port y in less than x
>> hrs
>>
>> eg. what external IP addresses have hit port 3389 on more than 20
>> different IP addresses in the past 1hr
>>
>> I could do some scripting to interpret the text output, but was
>> hoping there would be some combo of racluster and other argus tools
>> to help me answer that question.
>>
>> ---Mike
>>
>
>
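
The question in Mike Tancsa's original message (which external addresses hit more than n internal hosts on port y in less than x hours), worked as an added example that is not part of the thread and is not argus client code. The record layout, the internal network 192.0.2.0/24 and the function name are assumptions made for this example, and the sample records are constructed.

```python
import csv, io, ipaddress
from collections import defaultdict

# Constructed sample records (not real traffic). Assumed layout:
# start time in epoch seconds, source address, destination address, destination port.
SAMPLE = """\
1284036000,203.0.113.7,192.0.2.10,3389
1284036060,203.0.113.7,192.0.2.11,3389
1284036120,203.0.113.7,192.0.2.12,3389
1284036180,203.0.113.7,192.0.2.13,3389
1284036200,203.0.113.7,192.0.2.14,22
1284036000,198.51.100.9,192.0.2.10,3389
1284036030,198.51.100.9,192.0.2.10,3389
1284036000,198.51.100.20,192.0.2.10,3389
1284036100,198.51.100.20,192.0.2.11,3389
1284040000,198.51.100.20,192.0.2.12,3389
1284040100,198.51.100.20,192.0.2.13,3389
1284036000,192.0.2.50,192.0.2.10,3389
1284036001,192.0.2.50,192.0.2.11,3389
"""

def scanners(records, internal, port, min_hosts, window):
    """Map each external source to its peak count of distinct internal hosts
    hit on `port` within any span shorter than `window` seconds, keeping only
    sources whose peak exceeds `min_hosts`."""
    net = ipaddress.ip_network(internal)
    events = defaultdict(list)
    for stime, saddr, daddr, dport in csv.reader(io.StringIO(records)):
        src, dst = ipaddress.ip_address(saddr), ipaddress.ip_address(daddr)
        if int(dport) == port and src not in net and dst in net:
            events[saddr].append((float(stime), daddr))
    result = {}
    for src, hits in events.items():
        hits.sort()                      # records need not arrive in time order
        in_window = defaultdict(int)     # destination -> hits currently in window
        start = peak = 0
        for when, dst in hits:
            in_window[dst] += 1
            while hits[start][0] <= when - window:   # expire hits that are too old
                old = hits[start][1]
                in_window[old] -= 1
                if in_window[old] == 0:
                    del in_window[old]
                start += 1
            peak = max(peak, len(in_window))
        if peak > min_hosts:
            result[src] = peak
    return result

if __name__ == "__main__":
    print(scanners(SAMPLE, "192.0.2.0/24", port=3389, min_hosts=3, window=3600))
```

The sliding window matters for the third source in the sample: it touches four hosts in total, but never more than two within any one hour, so it is reported only when the window is widened.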