[Snort-users] 2 bugs in ACID v0.9.6b17

Erik Melander Emelander at ...3910...
Thu Nov 1 11:33:08 EST 2001


The first relates to portscan data:

On the main screen, click on the percentage of total traffic link for
portscans.  After the first page of portscan data is displayed, click on the
"Unique addresses: source" link in the "Summary Statistics" box.  Although
all my portscans are identified with source IP addresses, clicking on this
link shows that all addresses are unknown.  I would have expected a summary
breakdown of all the unique IP addresses that portscanned me.

The second bug relates to a link that points to the ports database:

On the main screen, click on the percentage of total traffic link for any of
the traffic types.  After the first page of data is displayed, click on any
one of the several ID number links.  The information displayed should be
broken down into the 4 different search criteria: meta, IP, TCP, and
payload.  In the TCP section, click on either the source or destination port
link.  These currently point to http://www.snort.org whereas I believe they
should be pointing to http://www.portsdb.org/.  The $external_port_link
variable defined in my acid_conf.php file is set to
http://www.portsdb.org/bin/portsdb.cgi?portnumber=.  I can follow the source
and destination port link to http://www.portsdb.org on every other page but
this type.

Thanks!

Erik




More information about the Snort-users mailing list