[240] in Intrusion Detection Systems
No subject found in mail header
daemon@ATHENA.MIT.EDU (owner-ids@uow.edu.au)
Sun May 21 09:30:27 1995
Date: Sun, 21 May 1995 20:53:59 +1000
From: owner-ids@uow.edu.au
Apparently-To: ids-outgoing@wyrm.cc.uow.edu.au
>>From ids-owner Sun May 21 07:59:59 1995
>Received: from bb.iu.net (bb.iu.net [198.69.25.2]) by wyrm.cc.uow.edu.au (8.6.11/8.6.11) with ESMTP id HAA04786 for <ids@uow.edu.au>; Sun, 21 May 1995 07:35:42 +1000
>Received: from (netport-15.iu.net [198.69.25.215]) by bb.iu.net (8.6.12/8.6.12) with SMTP id RAA23389 for <ids@uow.edu.au>; Sat, 20 May 1995 17:43:18 -0400
>Message-Id: <199505202143.RAA23389@bb.iu.net>
>X-Sender: jtruitt@iu.net
>Mime-Version: 1.0
>Content-Type: text/plain; charset="us-ascii"
>Date: Sat, 20 May 1995 17:28:48 -0400
>To: ids@uow.edu.au
>From: jtruitt@iu.net (Jim Truitt)
>Subject: ftp://ftp.sei.cmu.edu/pub/argus-1.5/argus-1.5.announce
>X-Mailer: <PC Eudora Version 1.4>
Sender: owner-ids@wyrm.cc.uow.edu.au
Precedence: bulk
Reply-To: ids@wyrm.cc.uow.edu.au
> Crosspost
>>
>> Argus 1.5
>> Software Engineering Institute
>> Carnegie Mellon University
>> argus@sei.cmu.edu
>> ftp://ftp.sei.cmu.edu/pub/argus-1.5
>>
>> This is to announce the availability of the public domain package, Argus,
>> a generic IP network transaction auditing tool. Argus runs as an
>> application level daemon, promiscuously reading network datagrams from
>> a specified interface, and generates network traffic status records
>> for the network activity that it encounters. Argus has been built and tested
>> under SunOS 4.x, Solaris 2.3, and SGI IRIX5.2. The issue of portability has
>> been principally addressed by the use of libpcap-0.0.x.
>>
>> Argus enables a site to generate comprehensive network transaction
>> audit logs, in a fashion that provides for high degrees of data reduction,
>> and high degrees of semantic preservation. This has allowed us to perform
>> extensive analysis of our network traffic, historically. The package
>> includes two example programs for analyzing the network transaction audit
>> logs.
>>
>> By processing these historical network logs, we have been able to,
>> among other things:
>>
>> 1. Verify that our network security access control policies are
>> actually being enforced and detect attempts to break through
>> our firewall and host-based mechanisms.
>>
>> 2. Perform grade of service analysis for every IP-based network
>> service that is offered in our network infrastructure.
>>
>> 3. Identify and troubleshoot difficult transient network problems such
>> as intermittent service failure, denial of service attacks and
>> host and network configuration problems.
>>
>> And by using the realtime features of Argus, we have been able to
>> develop complex proactive network management tools.
>>
>>
>> The data that Argus generates makes possible the ability to analyze
>> network activity and performance in ways that have not been possible
>> before. We are routinely answering questions such as:
>>
>> "Has anyone scanned this subnet for system vulnerabilities, such
>> as that performed by SATAN?"
>>
>> "A new intrusion method has been discovered, has anyone tried
>> to use it to attack the CERT Coordination Center's network in
>> the past year?"
>>
>> "Did a new MUD server appear on any of the SEI machines last
>> Tuesday?"
>>
>> "What network traffic was blocked by our router-enforced firewall?"
>>
>> "What is the average HTTP transaction connection time when a CMU
>> host accesses MIT's WWW server?"
>>
>> "If we move the News server to another subnet, what other machines
>> should be moved with it?"
>>
>> Each of these questions can be answered from the same historical network
>> activity audit log.
>>
>>
>> Comprehensive network transaction auditing can make a major impact on
>> a site's network security. As we have had a great deal of success in
>> using Argus to improve the network security at the Software Engineering
>> Institute and CERT Coordination Center, we would like to emphasize this
>> advantage of the use of Argus.
>>
>> We have found that comprehensive network transaction auditing can be a
>> powerful network management tool, and we think that a large number
>> of sites can benefit from the prototype work that we have done in this
>> area. We hope that you find Argus and the support tools helpful.
>>
>> If you have any questions, comments or suggestions please send
>> mail to argus@sei.cmu.edu.
>>
>>
>> Again, thank you for your interest in Argus.
>>
>> Carter Bullard
>> Software Engineering Institute
>> Carnegie Mellon University
>> wcb@sei.cmu.edu
>>
>> Chas DiFatta
>> Software Engineering Institute
>> Carnegie Mellon University
>> chas@sei.cmu.edu
>>
--
+---------------------+--------------------------------------------------+
| ____ ___ | Justin Lister ruf@cs.uow.edu.au |
| | \\ /\ __\ | Center for Computer Security Research |
| | |) / \_/ / |_ | Dept. Computer Science voice: 61-42-214-327 |
| | _ \\ /| _/ | University of Wollongong fax: 61-42-214-329 |
| |_/ \/ \_/ |_| (tm) | Computer Security a utopian dream... |
| | Disclaimer: dreaming is at own risk |
+---------------------+--------------------------------------------------+
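The announcement describes the core idea behind Argus: per-packet observations are folded into per-transaction audit records (strong data reduction with the semantics of each transaction preserved), and those reduced records are then enough to answer questions such as "has anyone scanned this subnet?" or "what is the average HTTP transaction time between two sites?". The following is an added illustration of that data model written for this archive page; it is not Argus code and does not use the Argus record format. Every packet, address and host below is constructed, the scan threshold of 10 distinct targets is an arbitrary assumption, and the "completed" notion (SYN and FIN both seen) is a deliberate simplification of real TCP state tracking.

```python
"""Added example: reduce constructed packet observations to flow audit
records, then answer two of the announcement's questions from the records.
Not part of Argus; all data is constructed."""
from collections import defaultdict
from dataclasses import dataclass


@dataclass
class Packet:
    ts: float       # seconds since an arbitrary epoch (constructed)
    src: str
    dst: str
    proto: str      # "tcp" or "udp"
    sport: int
    dport: int
    length: int     # bytes on the wire
    syn: bool = False
    fin: bool = False


@dataclass
class FlowRecord:
    """One audit record per transaction; src/dst are the initiator's view."""
    src: str
    dst: str
    proto: str
    sport: int
    dport: int
    first: float
    last: float
    packets: int = 0
    bytes: int = 0
    syn_seen: bool = False
    fin_seen: bool = False

    @property
    def duration(self) -> float:
        return self.last - self.first

    @property
    def completed(self) -> bool:
        # Simplified: a transaction that opened and closed (SYN and FIN seen).
        return self.syn_seen and self.fin_seen


def flow_key(p: Packet):
    """Direction-independent key so both halves of a conversation merge."""
    a, b = (p.src, p.sport), (p.dst, p.dport)
    return (p.proto, a, b) if a <= b else (p.proto, b, a)


def reduce_to_flows(packets):
    """Data reduction step: N packets -> one record per transaction."""
    flows = {}
    for p in sorted(packets, key=lambda x: x.ts):
        rec = flows.get(flow_key(p))
        if rec is None:
            # First packet seen defines the initiator (src) of the record.
            rec = FlowRecord(p.src, p.dst, p.proto, p.sport, p.dport, p.ts, p.ts)
            flows[flow_key(p)] = rec
        rec.last = max(rec.last, p.ts)
        rec.packets += 1
        rec.bytes += p.length
        rec.syn_seen |= p.syn
        rec.fin_seen |= p.fin
    return list(flows.values())


def port_scan_sources(flows, subnet_prefix, min_targets=10):
    """'Has anyone scanned this subnet?': sources touching many distinct
    (host, port) targets inside the subnet without completing a transaction."""
    targets = defaultdict(set)
    for f in flows:
        if f.dst.startswith(subnet_prefix) and not f.completed:
            targets[f.src].add((f.dst, f.dport))
    return {s: len(t) for s, t in targets.items() if len(t) >= min_targets}


def mean_http_duration(flows, client_prefix, server):
    """'Average HTTP transaction time from our hosts to that server?'"""
    d = [f.duration for f in flows
         if f.proto == "tcp" and f.dport == 80 and f.dst == server
         and f.src.startswith(client_prefix) and f.completed]
    return sum(d) / len(d) if d else None


def build_sample_packets():
    """Constructed traffic: three HTTP sessions, one probe sweep, one stray SYN."""
    pkts = []
    for i, dur in enumerate((0.5, 1.0, 1.5)):      # HTTP sessions of known length
        t0, sport = 100.0 + 10 * i, 40001 + i
        pkts.append(Packet(t0, "10.1.0.5", "192.0.2.80", "tcp", sport, 80, 60, syn=True))
        pkts.append(Packet(t0 + 0.1, "192.0.2.80", "10.1.0.5", "tcp", 80, sport, 1400))
        pkts.append(Packet(t0 + dur, "10.1.0.5", "192.0.2.80", "tcp", sport, 80, 60, fin=True))
    for port in range(1, 13):                       # sweep of 12 ports, never completed
        pkts.append(Packet(200.0 + port, "198.51.100.9", "10.2.0.1", "tcp", 50000, port, 60, syn=True))
    pkts.append(Packet(300.0, "10.1.0.7", "10.2.0.1", "tcp", 41000, 22, 60, syn=True))
    return pkts


if __name__ == "__main__":
    pk = build_sample_packets()
    fl = reduce_to_flows(pk)
    print(f"{len(pk)} packets reduced to {len(fl)} flow records")
    print("scan sources:", port_scan_sources(fl, "10.2.0."))
    print("mean HTTP duration:", mean_http_duration(fl, "10.1.0.", "192.0.2.80"))
```

The two analysis functions are deliberately written against the reduced records only, which is the point the announcement makes: once packets are summarised into transaction records, the same log serves both the security question (uncompleted probes fanned out across a subnet) and the performance question (duration of completed HTTP transactions) without returning to the raw packets.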