arachNIDS urls (Re: [Snort-devel] Patch to sp_reference.h)

Max Vision vision at ...195...
Wed Feb 7 22:02:25 EST 2001


Hi,

Although this is a preferred reference method, I should clarify for folks
that I have allowed the /IDS/### reference format for over a year and have
never removed this functionality.  It has worked continuously and works
currently.

Some months back I *added* the /info/* reference URL as a way to
accomplish several things.
 1> to allow for much more fault tolerance - people were typing all sorts
    of things like /IDS/IDS123 (IDS twice), /IDS/IDS123/FooBar (extra),
    and so forth. The new /info/* url is an agressive/intelligent parser.
 2> to add new reference functionality besides IDS lookups, for example
    try http://whitehats.com/info/10.0.0.1   There are also other things
    like port lookups, tool references, rfc lookups, etc but I haven't
    come back to finish them yet. I'll document it when complete.

So although /info/IDS123 is a prefered way to reference arachNIDS, the
/IDS/### method was never broken.  Your script just wasn't passing the
right data, you had were adding the extra "IDS".  :)

Example from the excellent SnortSnarf:
if($sig =~ /IDS(\d+)/)
{
  my $num= $1;
  $num =~ s/^0+//;
  # ARACHNIDS signature - can make a nice URL for these.
  $sig_url->{$sig} = "http:\/\/whitehats.com\/IDS\/$num";
  $sig_entry->{$sig} = "<a href=\"$sig_url->{$sig}\"".&target('siginfo').">$sig</a>";
}

Max

On Wed, 7 Feb 2001, Brian Caswell wrote:
> The reference for URL and arachNIDS need to be added/changed.
>
> -brian
>
> Index: sp_reference.h
> ===================================================================
> RCS file: /cvsroot/snort/snort/sp_reference.h,v
> retrieving revision 1.2
> diff -u -r1.2 sp_reference.h
> --- sp_reference.h      2001/01/02 08:06:01     1.2
> +++ sp_reference.h      2001/02/08 02:07:12
> @@ -29,8 +29,9 @@
>
>  #define BUGTRAQ_URL_HEAD   "http://www.securityfocus.com/bid/"
>  #define CVE_URL_HEAD
> "http://cve.mitre.org/cgi-bin/cvename.cgi?name="
> -#define ARACHNIDS_URL_HEAD "http://www.whitehats.com/IDS/"
> +#define ARACHNIDS_URL_HEAD "http://www.whitehats.com/info/"
>  #define MCAFEE_URL_HEAD
> "http://vil.nai.com/vil/dispVirus.asp?virus_k="
> +#define URL_HEAD           "http://"
>
>  typedef struct _ReferenceData
>  {
>
> _______________________________________________
> Snort-devel mailing list
> Snort-devel at lists.sourceforge.net
> http://lists.sourceforge.net/lists/listinfo/snort-devel
>






More information about the Snort-devel mailing list