[Snort-devel] Version 1.8.7beta5 (Build 127) classification.config
cpw at ...86...
Tue Jun 25 16:33:02 EDT 2002
Why the patch below makes all the difference in the world, I don't know.
There is something foobah with the parsing of the classification.config.
If the patch is not in place, the mapping doesn't work, and you get
[Classification: sig] in place of
[Classification: access to potentially vulnerable web application]
Too freaky for words. Either there are some non-ASCII characters buried
somewhere in the rules or the classification.config, or some string lengths
are wacko. Ruined my day. See you in Boston?
dif classification.config /tmp/classification.config
--- classification.config Mon May 27 19:38:25 2002
+++ /tmp/classification.config Tue Jun 25 23:26:30 2002
@@ -56,7 +56,7 @@
config classification: denial-of-service,Detection of a Denial of Service Attack,2
config classification: non-standard-protocol,Detection of a non-standard protocol or event,2
config classification: protocol-command-decode,Generic Protocol Command Decode,3
-config classification: web-application-activity,access to a potentially vulnerable web application,2
+config classification: webapplication-activity,access to potentially vulnerable web application,2
config classification: web-application-attack,Web Application Attack,1
config classification: misc-activity,Misc activity,3
config classification: misc-attack,Misc Attack,2
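Review bot: The `+` line in the -56,7 hunk changes two things at once, the short name (`web-application-activity` becomes `webapplication-activity`) and the description (the article "a" is dropped), so the patch cannot show which of the two affects the parsing. Rules select a classification by its short name through `classtype:`, so any rule still carrying `classtype:web-application-activity` would no longer map to this entry, and the new name is inconsistent with the hyphenated `web-application-attack` on the following line. Suggest keeping the short name unchanged and testing the description change alone, then the reverse, to isolate the trigger before altering the shipped file.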