[Snort-users] 01-Mar-2001 Rules broke IDS links in reports

Bob Tanner tanner at ...1175...
Tue Mar 6 15:15:15 EST 2001


I upgraded to 01-Mar-2001 rules and it broke the IDS url inside of ACID reports.
Looking at my old rules I see entries like this:

alert udp $EXTERNAL_NET any -> $HOME_NET 111 (msg:"IDS017 - RPC - portmap-request-cmsd"; content:"|01 86 E4 00 00|";offset:40;depth:8;)

The same rule in the new rule set:

alert udp $EXTERNAL_NET any -> $HOME_NET 111 (msg:"RPC portmap request cmsd"; content:"|01 86 E4 00 00|";offset:40;depth:8; reference:arachnids,17;)

I see the reference to arachnids,17. Is it just that ACID does not understand the new
rule sets?

-- 
Bob Tanner <tanner at ...1175...>       | Phone : (952)943-8700
http://www.mn-linux.org                 | Fax   : (952)943-8500
Key fingerprint = 02E0 2734 A1A1 DBA1 0E15  623D 0036 7327 93D9 7DA3
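
Added example, not part of the original post and not code from Snort or ACID: a Python sketch that reads the two rules quoted above, pulls the arachNIDS identifier out of either the old "IDSnnn - " msg prefix or the new reference option, and checks that the detection options are unchanged between the two. Reading "IDS017" as arachNIDS id 17 is an assumption inferred from the rule pair in the post; the function names are hypothetical.

```python
import re

# The two rules from the post, each joined onto one line.
OLD_RULE = ('alert udp $EXTERNAL_NET any -> $HOME_NET 111 (msg:"IDS017 - RPC - '
            'portmap-request-cmsd"; content:"|01 86 E4 00 00|";offset:40;depth:8;)')
NEW_RULE = ('alert udp $EXTERNAL_NET any -> $HOME_NET 111 (msg:"RPC portmap request cmsd"; '
            'content:"|01 86 E4 00 00|";offset:40;depth:8; reference:arachnids,17;)')

# One option = everything up to a ';' that is not inside a quoted string.
OPTION_RE = re.compile(r'((?:[^;"\\]|\\.|"(?:[^"\\]|\\.)*")+);')
# Old-style msg prefix as seen in the post: "IDS017 - ...".
LEGACY_MSG_RE = re.compile(r'^IDS0*(\d+)\s*-\s*')


def split_rule(rule):
    """Return (header, [(keyword, value), ...]) for a single-line rule."""
    start, end = rule.find('('), rule.rfind(')')
    if start < 0 or end < start:
        raise ValueError('rule has no option block')
    options = []
    for raw in OPTION_RE.findall(rule[start + 1:end]):
        key, _, value = raw.strip().partition(':')
        options.append((key.strip(), value.strip().strip('"')))
    return ' '.join(rule[:start].split()), options


def references(rule):
    """(system, id) pairs from reference options, else from a legacy msg prefix."""
    _, options = split_rule(rule)
    refs = [tuple(part.strip() for part in value.split(',', 1))
            for key, value in options if key == 'reference' and ',' in value]
    if not refs:
        # Assumption: "IDSnnn" in msg is the arachNIDS number, as the post's pair suggests.
        match = LEGACY_MSG_RE.match(dict(options).get('msg', ''))
        if match:
            refs.append(('arachnids', match.group(1)))
    return refs


def detection_key(rule):
    """Header plus detection options; msg and reference are metadata and ignored."""
    header, options = split_rule(rule)
    return header, tuple(o for o in options if o[0] not in ('msg', 'reference'))


if __name__ == '__main__':
    for name, rule in (('old', OLD_RULE), ('new', NEW_RULE)):
        print(name, references(rule))
    print('same detection:', detection_key(OLD_RULE) == detection_key(NEW_RULE))
```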
