[Snort-users] Snort

frank.bussink at ...3586... frank.bussink at ...3586...
Tue Sep 25 08:25:01 EDT 2001


Using: snort-1.8.1-RELEASE

When a special attempt occurs ( this is a simulation case of a client
surfing a Nimda infected web site)
Snort produce an error, and corrupts the consistency of my MySQL database.

Error Message : database: Unable to insert the alert reference into the DB


Rule in web-misc.rule
...
alert tcp $EXTERNAL_NET 80 -> $HOME_NET any (msg:"WEB-MISC readme.eml autoload attempt"; flags:A+; content:"window.open(\"readme.eml\""; nocase;
classtype:attempted-user; sid:1290; rev:3; reference:url,www.cert.org/advisories/CA-2001-26.html;)
...

help !!!! Can anybody guide me ?

     Frank Bussink






More information about the Snort-users mailing list