[unisog] [REN-ISAC] Alert: DNS Smurfing

Mike.Radomski at itec.suny.edu Mike.Radomski at itec.suny.edu
Wed Dec 15 13:21:30 GMT 2004


Peter,
Thanks for the reply.  I had never heard of argus.  I have it installed 
and have run some basic reports.  Can you share with me the daily reports 
you generate?

Thanks!
-- 
Mike Radomski 

SUNY - ITEC 
Information Technology Exchange Center 
Systems Programmer/Analyst 
E-mail: Mike.Radomski at itec.suny.edu 
Systems E-Mail: scsys at itec.suny.edu 
Phone: (716)878-4832 
Cellular: (716)807-4040 
Fax: (716)878-3485 

There are only 10 types of people... 
Those who understand binary and those who don't. 



Peter Van Epp <vanepp at sfu.ca>
Sent by: unisog-bounces at lists.sans.org
12/14/04 03:04 PM
Please respond to: UNIversity Security Operations Group <unisog at lists.sans.org>
To: UNIversity Security Operations Group <unisog at lists.sans.org>
cc:
Subject: Re: [unisog] [REN-ISAC] Alert: DNS Smurfing

A number of us here (me included :-)) use argus:

http://www.qosient.com/argus

Here is an article from some years ago about how I use it:

http://www.usenix.org/publications/login/2001-11/pdfs/epp.pdf

The snort IDS system is another popular choice (www.snort.org)

Peter Van Epp / Operations and Technical Support 
Simon Fraser University, Burnaby, B.C. Canada

On Tue, Dec 14, 2004 at 02:22:06PM -0500, Mike.Radomski at itec.suny.edu wrote:
> Hello,
> I have seen many postings in the past about "seeing" traffic and intrusions
> on networks.  I am wondering what tools everyone is using to analyze
> traffic and detect intrusions, and more importantly anomalies?
> 
> Thanks!
> 