[Snort-devel] Oddities in Build

Erek Adams erek at ...105...
Thu Aug 30 15:47:49 EDT 2001

*gack*  I know it's bad form to reply to your own messages, but...

On Wed, 29 Aug 2001, Erek Adams wrote:

> This output in from the full alerts doesn't seem right:
> [**] [1:1243:1] WEB-IIS ISAPI .ida attempt [**]
> [Classification: Attempted Administrator Privilege Gain] [Priority: 10]
> 08/28/01-17:39:59.621713 -> x.x.x.x:80
> TCP TTL:124 TOS:0x0 ID:42467 IpLen:20 DgmLen:1500 DF
> ***A**** Seq: 0x39CD02D  Ack: 0x5FC2DCB1  Win: 0x16D0  TcpLen: 20
> [Xref => http://www.whitehats.com/info/IDS552]
> [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071]

Ok, _please_ pardon the stupidity.  I had two copies of snort running from the
same startup script.  *sigh*

No wonder the alert file looked so horked.

Now back to your regularly scheduled clues....

Erek Adams

More information about the Snort-devel mailing list