[Snort-users] ACID errors

pbsarnac at ...1799...
Tue Sep 25 14:30:03 EDT 2001


Looks like I didn't paste the full version number. I'm really on 0.9.6b13.
I'll try upgrading to b15.

Thanks!
pat s.



Steve Halligan <agent33 at ...187...>
Sent by: snort-users-admin at ...635...eforge.net
09/25/2001 04:15 PM

To: "'snort-users at lists.sourceforge.net'" <snort-users at lists.sourceforge.net>
cc:
Subject: RE: [Snort-users] ACID errors




If this is accurate and you are using ACID v0.9.6b1, you should upgrade to a
newer version.  It is up to v0.9.6b16 in CVS and b15 in tarball.
-steve


>
> Snort Version 1.8.1-RELEASE (Build 74)
> ACID v0.9.6b1
>
> These are the signatures (from the snort.sourcefire.com ruleset):
> web-misc.rules:alert tcp $EXTERNAL_NET 80 -> $HOME_NET any
> (msg:"WEB-MISC
> readme.eml autoload attempt"; flags:A+; content:"window.open
> (\"readme.eml\""; nocase; classtype:attempted-user; sid:1290; rev:3;
> reference:url,www.cert.org/advisories/CA-2001-26.html;)
> web-misc.rules:alert tcp $EXTERNAL_NET 80 -> $HOME_NET any
> (msg:"WEB-MISC
> readme.eml attempt"; flags:A+; uricontent:"readme.eml"; nocase;
> classtype:attempted-user; sid:1284; rev:3;
> reference:url,www.cert.org/advisories/CA-2001-26.html;)
>
> Any help is greatly appreciated!
>
> Thanks,
> pat s.
>
>
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>
