[Snort-users] ACID- Adding in link to incidents.org dshield

Michael Scheidell scheidell at ...3799...
Thu Nov 8 12:38:05 EST 2001


Some times I want to know if the ip address atttacking me is part of a
skiddy worm/trojan port scan or if they are hitting me directly.

This patch to acid_conf and acid_stat_ipaddr.php adds the ability to click
on the link and find out if you are alone:
(this is against acid b18 as of yesterdays cvs)

add this SOMEWHERE in acid_conf:
/* Link to external DNIDS database */
$external_dnids_link = "http://www.dshield.org/ipinfo.php?ip=;

----- patch acid_stat_ipaddr.php
--- ./acid_stat_ipaddr.php.orig Tue Sep 25 11:32:03 2001
+++ ./acid_stat_ipaddr.php      Thu Nov  8 14:58:42 2001
@@ -231,6 +231,7 @@
  echo '<FONT>External: '.
       '<A HREF="'.$external_dns_link.$ip.'">DNS</A> | '.
       '<A HREF="'.$external_whois_link.$ip.'">whois</A> | '.
+      '<A HREF="'.$external_dnids_link.$ip.'">Dnids</A> | '.
       '<A HREF="'.$external_all_link.$ip.'">SamSpade</A><BR>';
 ?>
  <P>

---
Michael Scheidell
Florida Datamation, Inc.






More information about the Snort-users mailing list