[unisog] Darknet tools

Eric Pancer epancer at security.depaul.edu
Fri Nov 5 06:32:27 GMT 2004


Jennifer Tu wrote on Thu, 2004-11-04 at 22:53:48 -0500...

> As a project for a network security course at MIT, we have set up a
> darknet on an MIT subnet.  What tools have you used to parse, analyze,
> monitor, and visualize darknet data?  Do you have a darknet on your
> network?  What do you use it for?

Argus is a de-facto standard for this type of work. You can get
flows and the data inside the packets as well; we use a commercial
version of argus due to higher speed capacity. For other darknets
I'm a part of in various locations on the Internet, we use snort,
argus and ngrep expressions written into loops. We also use a
handful of home-grown tools written in C and some light perl (though
I despise perl, personally).

Anyway; if you're looking to spend money, look at the products from
Arbor Networks. They'd be good for this type of analysis.

-- 
Eric Pancer :.: Computer Security Response Team :.: DePaul University
http://security.depaul.edu/ .:`:.:':.:`:. epancer at security.depaul.edu
pgp: 1024D/7ACBCFF3 C022 4991 41E5 51E7 683C F765 62F7 7F8E 7ACB CFF3




More information about the unisog mailing list