Got the OpenBSD bridge online today, passing (and blocking, as appropriate) traffic on the main pipe. Tuning Argus turned out to be slightly tricky, but it’s going well now.
Argus post processing takes a lot of memory, and it doesn’t do anything useful when it fails — just dumps core (it’d be nice if it checked the return code from malloc and failed gracefully with an error, but no…).
Found a couple of IP addresses still spewing worm traffic and alerted the right people.
Posted by Rowan Littell at September 5, 2005 05:10 PM