[Snort-users] Snort

roman at ...438... roman at ...438...
Tue Sep 25 09:34:03 EDT 2001


The MySQL table schema of the database appears to have a bug.  The field  
to store the URL appears to be too short.  Modify you database using the
following command:

ALTER TABLE reference MODIFY ref_tag VARCHAR(100) NOT NULL;

Please let us know if this does not fix the problem.

cheers,
Roman

On Tue, 25 Sep 2001 frank.bussink at ...3586... wrote:

> Using: snort-1.8.1-RELEASE
> 
> When a special attempt occurs ( this is a simulation case of a client
> surfing a Nimda infected web site)
> Snort produce an error, and corrupts the consistency of my MySQL database.
> 
> Error Message : database: Unable to insert the alert reference into the DB
> 
> 
> Rule in web-misc.rule
> ....
> alert tcp $EXTERNAL_NET 80 -> $HOME_NET any (msg:"WEB-MISC readme.eml autoload attempt";
flags:A+; content:"window.open(\"readme.eml\""; nocase;
> classtype:attempted-user; sid:1290; rev:3;
reference:url,www.cert.org/advisories/CA-2001-26.html;)
> ....
> 
> help !!!! Can anybody guide me ?
> 
>      Frank Bussink
> 
> 
> 
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
> 
> 



---------------------------------------------
This message was sent using Voicenet WebMail.
      http://www.voicenet.com/webmail/






More information about the Snort-users mailing list