[Snort-devel] Oddities in Build
erek at ...105...
Thu Aug 30 15:47:49 EDT 2001
*gack* I know it's bad form to reply to your own messages, but...
On Wed, 29 Aug 2001, Erek Adams wrote:
> This output in from the full alerts doesn't seem right:
> [**] [1:1243:1] WEB-IIS ISAPI .ida attempt [**]
> [Classification: Attempted Administrator Privilege Gain] [Priority: 10]
> 08/28/01-17:39:59.621713 18.104.22.168:1446 -> x.x.x.x:80
> TCP TTL:124 TOS:0x0 ID:42467 IpLen:20 DgmLen:1500 DF
> ***A**** Seq: 0x39CD02D Ack: 0x5FC2DCB1 Win: 0x16D0 TcpLen: 20
> [Xref => http://www.whitehats.com/info/IDS552]
> [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071]
Ok, _please_ pardon the stupidity. I had two copies of snort running from the
same startup script. *sigh*
No wonder the alert file looked so horked.
Now back to your regularly scheduled clues....
More information about the Snort-devel