[Snort-users] Safety tip for ACID users :-)

Jason Haar Jason.Haar at ...294...
Mon Oct 1 16:51:02 EDT 2001


Beware! ACID and Snort can become vile enemies at the drop of a hat.

I just noticed (via snort) that we had tonnes of hits on "WEB-MISC
readme.eml attempt". Looking at it I saw that 99.99% of them came from the
ACID server itself! 

... of course the rule matches on web pages containing the string
"readme.eml"....

So, back to running ACID over https like I always should have been... :-}

-- 
Cheers

Jason Haar

Unix/Special Projects, Trimble NZ
Phone: +64 3 9635 377 Fax: +64 3 9635 417




More information about the Snort-users mailing list