
/*
 * Copyright (c) 1995 Carnegie Mellon University.
 * All rights reserved.
 *
 * Permission to use, copy, modify, and distribute this software and
 * its documentation for any purpose and without fee is hereby granted, 
 * provided that the above copyright notice appear in all copies and
 * that both that copyright notice and this permission notice appear
 * in supporting documentation, and that the name of CMU not be
 * used in advertising or publicity pertaining to distribution of the
 * software without specific, written prior permission.  
 * 
 * CMU DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING
 * ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO EVENT SHALL
 * CMU BE LIABLE FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR
 * ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS,
 * WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION,
 * ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
 * SOFTWARE.
 *
 */

Argus contrib directory

This directory includes shell scripts and configuration files that
perform simple network administrative tasks, and are offered as a 
demonstration of how Argus data can be used in your network management.

They are demonstrations of:

   1. Network activity summary report generation.
   2. Specific network intrusion attack detection.


If you would like to make contributions to this directory and have
them included in possible future releases, please send your candidates
to argus@sei.cmu.edu.

MANIFEST
./contrib
total 22
-rwxr-xr-x  1 argus    software       73 May  8 14:08 CA-95:01
-rwxr-xr-x  1 argus    software     5686 May  8 13:47 CA-95:01.scan.sh
-rw-r--r--  1 argus    software     3195 May  8 15:02 README
-rw-r--r--  1 argus    software     3218 May  8 12:58 configs
-rwxr-xr-x  1 argus    software     1636 May  7 17:25 dailyscan.sh
-rw-r--r--  1 argus    software     2747 May  8 13:01 ra.conf


CA-95:01      - a one line Argus filter that will aid in detecting if
                there has been an IP spoof attack of the nature
                described in CERT advisory CA-95:01.

CA-95:01.scan.sh -
                An example of a shell to examine Argus data, looking
                for a specific type of network activity.  In this
                example, the scan uses the file, 'CA-95:01', which
                tests for the occurrence of an IP spoofing attack of
                the form described in CERT advisory CA-95:01.
                This is included as a demonstration of how Argus data
                can be used in local intrusion detection, and is offered
                as an exercise.

configs       - A description of 2 Argus deployment strategies.

dailyscan.sh  - An example of a shell script that can be used
                to examine Argus data.  A shell of this type might
                be run as a daily cron job and used to generate
                daily network activity reports.

ra.conf       - A sample firewall policy filter file used by dailyscan.sh.
                This is an example firewall policy.  The actual policy
                used should be the policy installed your actual router.
