[Snort-users] ACID and snort

roman at ...438... roman at ...438...
Thu Oct 12 23:20:41 EDT 2000


Ron and Mike,

Ron, can I have some more information?  What version of PHP? ACID?
Browser?  Last time I heard about this exact problem was when ACID was used
with PHP 3 and IE, although I'll confess I don't know why an upgrade to PHP
4 seemingly fixed the problem.  That wouldn't be the case, would it?

Yes, there are known issues with ACID and Lynx.  It is related to really
long URLs; Lynx appears to replace certain characters when passing
variables (at least when I saw it break).  I will have to investigate more
closely.

Roman



                                                                                                           
From:     "Ron 'The InSaNe One' Rosson" <insane at ...321...>
Sent by:  snort-users-admin at ...635...eforge.net
To:       snort-users at lists.sourceforge.net
cc:
Subject:  [Snort-users] ACID and snort
Date:     10/12/00 03:29 PM
Please respond to Ron Rosson



Using ACID at home on my home network and just found some time to really
see what I have. When poking around I found that when I click on alert
listing and click on one of the signatures in the listing I get:

No Packets were found matching the specified criteria. 0 Rows returned.

Am I missing something? Here is my config:

# This is the all encompassing rule set for snort.
# Created 07/01/2000
# Revision 1.1

var INTERNAL xxx.xxx.xx3.224/28
var EXTERNAL !xxx.xxx.xx3.224/28
var HOME_NET xxx.xxx.xx3.224/28

preprocessor http_decode: 80 443 8080
preprocessor minfrag: 128
preprocessor portscan: $INTERNAL 3 5 /var/log/snort/portscan
preprocessor portscan-ignorehosts: $INTERNAL xxx.xxx.xxx.10 xxx.xxx.xxx.20
output log_database: mysql, dbname=snort user=snort host=localhost


Since this is a small network and it is MY network I am wondering if I
am missing anything that I could have snort doing.. This is a learn in
progress thing for me to see what it does and what stupid things people
will try on my small network. I am running Version 1.7-beta0. Here is
the command line I use for my installation of snort.

/usr/local/bin/snort -D -s -d -c /etc/snort.rules


TIA
--
------------------------------------------------------------------------------
Ron Rosson                    ... and a UNIX user said ...
The InSaNe One                rm -rf *
insane at ...322...           and all was /dev/null and *void()
------------------------------------------------------------------------------

I've learned that no matter how much I care, some people are just assholes.