
Argus-1.5 release announcement


From: ar...@sei.cmu.edu
Date: May 10, 1995

Argus 1.5
Software Engineering Institute
Carnegie Mellon University
ar...@sei.cmu.edu
ftp://ftp.sei.cmu.edu/pub/argus-1.5

This is to announce the availability of the public domain package, Argus,
a generic IP network transaction auditing tool. Argus runs as an
application level daemon, promiscuously reading network datagrams from
a specified interface, and generates network traffic status records
for the network activity that it encounters. Argus has been built and tested
under SunOS 4.x, Solaris 2.3, and SGI IRIX5.2. The issue of portability has
been principally addressed by the use of libpcap-0.0.x.

Argus enables a site to generate comprehensive network transaction
audit logs in a fashion that provides for high degrees of data reduction
and high degrees of semantic preservation. This has allowed us to perform
extensive analysis of our network traffic, historically. The package
includes two example programs for analyzing the network transaction audit
logs.

By processing these historical network logs, we have been able to,
among other things:

1. Verify that our network security access control policies are
actually being enforced and detect attempts to break through
our firewall and host based mechanisms.

2. Perform grade of service analysis for every IP based network
service that is offered in our network infrastructure.

3. Identify and troubleshoot difficult transient network problems such
as intermittent service failure, denial of service attacks and
host and network configuration problems.

And by using the realtime features of Argus, we have been able to
develop complex proactive network management tools.


The data that Argus generates makes possible the ability to analyze
network activity and performance in ways that have not been possible
before. We are routinely answering questions such as:

"Has anyone scanned this subnet for system vulnerabilities, such
as that performed by SATAN?"

"A new intrusion method has been discovered, has anyone tried
to use it to attack the CERT Coordination Center's network in
the past year?"

"Did a new MUD server appear on any of the SEI machines last
Tuesday?"

"What network traffic was blocked by our router-enforced firewall?"

"What is the average HTTP transaction connection time when a CMU
host accesses MIT's WWW server?"

"If we move the News server to another subnet, what other machines
should be moved with it?"

Each of these questions can be answered from the same historical network
activity audit log.


Comprehensive network transaction auditing can make a major impact on
a site's network security. As we have had a great deal of success in
using Argus to improve the network security at the Software Engineering
Institute and CERT Coordination Center, we would like to emphasize this
advantage of the use of Argus.

We have found that comprehensive network transaction auditing can be a
powerful network management tool, and we think that a large number
of sites can benefit from the prototype work that we have done in this
area. We hope that you find Argus and the support tools helpful.

If you have any questions, comments or suggestions please send
mail to ar...@sei.cmu.edu.


Again, thank you for your interest in Argus.

Carter Bullard
Software Engineering Institute
Carnegie Mellon University
w...@sei.cmu.edu

Chas DiFatta
Software Engineering Institute
Carnegie Mellon University
ch...@sei.cmu.edu
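The announcement above describes two ideas without showing them: folding a promiscuously captured packet stream into per-connection transaction records (data reduction that keeps enough semantics for later questions), and answering questions such as "has anyone scanned this subnet?" or "what did the router-enforced firewall block?" from those records alone. The following is an added, illustrative example written for this page; it is not Argus source, and the record layout, field names and thresholds are invented for the example (Argus's own record format differs). The packet stream is constructed, using the documentation address ranges 192.0.2.0/24, 198.51.100.0/24 and 203.0.113.0/24, and the tuple shape stands in for what a capture library such as libpcap would hand a daemon.

```python
"""Toy transaction-audit pipeline in the spirit of Argus (added example, not Argus code)."""
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network
from typing import Dict, List, Set, Tuple

# (timestamp, proto, src, sport, dst, dport, length, tcp_flags): one decoded packet.
# This tuple shape is an assumption made for the example.
Packet = Tuple[float, str, str, int, str, int, int, str]


@dataclass
class Transaction:
    """One bidirectional transaction; src/sport is the initiator (first packet seen)."""
    proto: str
    src: str
    sport: int
    dst: str
    dport: int
    start: float
    last: float
    src_pkts: int = 0
    src_bytes: int = 0
    dst_pkts: int = 0
    dst_bytes: int = 0
    flags: Set[str] = field(default_factory=set)   # union of TCP flag letters seen


def flow_key(proto: str, src: str, sport: int, dst: str, dport: int) -> tuple:
    """Direction-independent key so both halves of a conversation share one record."""
    a, b = (src, sport), (dst, dport)
    return (proto, *(a + b if a <= b else b + a))


def reduce_to_transactions(packets: List[Packet], idle_timeout: float = 60.0) -> List[Transaction]:
    """Fold packets into transaction records (the data-reduction step).

    A record is closed once its key has been idle longer than idle_timeout; a later
    packet on the same key opens a new record, so a reused port pair is not merged
    into an earlier, unrelated connection.
    """
    open_flows: Dict[tuple, Transaction] = {}
    closed: List[Transaction] = []
    for ts, proto, src, sport, dst, dport, length, flags in sorted(packets, key=lambda p: p[0]):
        key = flow_key(proto, src, sport, dst, dport)
        rec = open_flows.get(key)
        if rec is not None and ts - rec.last > idle_timeout:
            closed.append(open_flows.pop(key))
            rec = None
        if rec is None:
            rec = Transaction(proto, src, sport, dst, dport, start=ts, last=ts)
            open_flows[key] = rec
        if (src, sport) == (rec.src, rec.sport):   # initiator -> responder direction
            rec.src_pkts += 1
            rec.src_bytes += length
        else:                                       # responder -> initiator direction
            rec.dst_pkts += 1
            rec.dst_bytes += length
        rec.last = ts
        rec.flags.update(flags)
    closed.extend(open_flows.values())
    return sorted(closed, key=lambda r: r.start)


def scanning_sources(records: List[Transaction], subnet: str, min_targets: int = 10) -> Dict[str, int]:
    """'Has anyone scanned this subnet?': sources touching >= min_targets distinct (host, port) pairs."""
    net = ip_network(subnet)
    seen: Dict[str, Set[Tuple[str, int]]] = {}
    for r in records:
        if ip_address(r.dst) in net:
            seen.setdefault(r.src, set()).add((r.dst, r.dport))
    return {src: len(t) for src, t in seen.items() if len(t) >= min_targets}


def unanswered(records: List[Transaction]) -> List[Transaction]:
    """'What was blocked?': attempts that never drew a reply packet from the target."""
    return [r for r in records if r.dst_pkts == 0]


def mean_duration(records: List[Transaction], proto: str, dport: int) -> float:
    """'Average HTTP transaction time': mean (last - start) over one service."""
    d = [r.last - r.start for r in records if r.proto == proto and r.dport == dport]
    return sum(d) / len(d) if d else 0.0


def sample_packets() -> List[Packet]:
    """Constructed packet stream (not captured traffic)."""
    pkts: List[Packet] = [
        # One HTTP transaction, 192.0.2.10:3001 -> 198.51.100.5:80, lasting 0.4 s
        (100.00, "tcp", "192.0.2.10", 3001, "198.51.100.5", 80, 60, "S"),
        (100.05, "tcp", "198.51.100.5", 80, "192.0.2.10", 3001, 60, "SA"),
        (100.10, "tcp", "192.0.2.10", 3001, "198.51.100.5", 80, 300, "PA"),
        (100.30, "tcp", "198.51.100.5", 80, "192.0.2.10", 3001, 1400, "PA"),
        (100.40, "tcp", "192.0.2.10", 3001, "198.51.100.5", 80, 60, "FA"),
        # Same port pair reused ten minutes later: must become a second record
        (700.00, "tcp", "192.0.2.10", 3001, "198.51.100.5", 80, 60, "S"),
        (700.05, "tcp", "198.51.100.5", 80, "192.0.2.10", 3001, 60, "SA"),
    ]
    # A telnet sweep of 192.0.2.0/24 from an outside host, one SYN per target ...
    for i in range(1, 13):
        pkts.append((200.0 + i, "tcp", "203.0.113.9", 40000 + i, f"192.0.2.{i}", 23, 60, "S"))
    # ... two targets answer with RST, the rest are silently dropped by a filter
    for i in (1, 2):
        pkts.append((200.01 + i, "tcp", f"192.0.2.{i}", 23, "203.0.113.9", 40000 + i, 60, "RA"))
    return pkts


if __name__ == "__main__":
    recs = reduce_to_transactions(sample_packets())
    print(len(sample_packets()), "packets ->", len(recs), "records")
    print("scanners:", scanning_sources(recs, "192.0.2.0/24"))
    print("unanswered attempts:", len(unanswered(recs)))
    print("mean HTTP duration:", round(mean_duration(recs, "tcp", 80), 3))
```

The idle timeout is the detail worth keeping in mind when building records like these: without it, the reused port pair at t=700 would be folded into the earlier HTTP record and its duration would read as ten minutes. The three query functions each need only the reduced records, not the packets, which is the point the announcement makes about data reduction with semantic preservation.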

