ourmon / News: Recent posts

A new release of the ourmon network monitoring and anomaly detection tool is available. New features include support for DNS statistics and a DNS-based blacklist, IP blacklists, improved event log support for security events, improved UDP port signature attributes to help identify scanners and p2p-using hosts, and an experimental threaded probe. Although it is late to mention this, there is a book out with 4 chapters on ourmon. The chapters are still relevant to this release. See Botnets: The Killer Web App, at
http://www.syngress.com/catalog/?pid=4270
on the web. Further reading on ourmon and its
new features may be found at:
http://ourmon.cat.pdx.edu/ourmon/info.html

A new version of the ourmon network management and anomaly detection has been released. Version 2.7 simplifies and greatly improves the top talker GUI. Top talkers now use dynamic http and iframes. Histograms are now horizontal as opposed to vertical. This allows all forms of flows to be tagged with user-supplied (some default supplied) programmable PCRE tags. This means flows that look at layer-7 data. See the release notes for more information. There are also many small improvements here and there.

Charlie Schluting, an ourmon contributer, has written two recent articles on ourmon entitled:
"Something Wormy on Your Net? Investigate with Ourmon (part 1/2). See
http://www.enterprisenetworkingplanet.com/netsecur/article.php/3597361
for the first article, and
http://www.enterprisenetworkingplanet.com/netsysm/article.php/3599016
for the second article.