This is a discussion on RE: [Snort-users] Strange.. within the Snort forums, part of the System Security and Security Related category.
Can't help with your 1st question.

For the lookups - in acid_conf.php change:

"snort" => array("http://www.snort.org/snort-db/sid.html?sid=", ""),

to:

"snort" => array("http://www.snort.org/pub-bin/sigs.cgi?sid=", ""),

Bruce

_____

From: snort-users-admin@lists.sourceforge.net [mailto:snort-users-admin@lists.sourceforge.net] On Behalf Of Marc Hering
Sent: Friday, March 18, 2005 5:06 PM
To: snort-users@lists.sourceforge.net
Subject: [Snort-users] Strange..

Hey,

Ever since they shut down the direct snort lookup from ACID my life has sucked....

Anyway, I am getting LOTS of these errors.

(spp_stream4) possible EVASIVE RST detection

Are they normal *(We are an ASP, so people hit our database via the website all day long)* and if so where would this rule be so I can comment it out?

Thanks!

(Also how can I fix the ACID rule lookup?)

Thanks

Marc Hering
Manager of Network Operations
Reval
100 Broadway 22nd Floor
New York, NY 10005
Direct: 212-901-9710
Fax: 212-901-9797
www.reval.com <http://www.reval.com/>