[Snort-users] PORN Virgin

Clint Byrum cbyrum at ...6660...
Wed Aug 28 15:29:02 EDT 2002


McCammon, Keith said:
> Because someone likely tripped that rule by viewing a web page that
> matched that string.  Then, when you pull up a web page that reports
> the alert, it trips again, because the string is being passed to you.
> That's why you don't typically inspect your management interface.
>

To add a bit more to this... ACID allows a lot of control over your alerts
database. You really should be using something like SSL and Browser
Auth(such as basic auth, or even certificates) to secure it. Otherwise,
think of what a malicious person could do.
The main thing that comes to mind is, scan the network, then go in and
delete all the alerts from their host.
>> -----Original Message-----
>> From: Tony Wong [mailto:tony.wong at ...5535...]
>> Sent: Wednesday, August 28, 2002 4:03 PM
>> To: snort-users at lists.sourceforge.net
>> Subject: [Snort-users] PORN Virgin
>>
>>
>> Everytime I bring up ACID from my workstation browser. I see "PORN
>> Virgin" from my workstation to the IDS box which is also running ACID.
>>
>> Why is that?
>>
>>
>>







More information about the Snort-users mailing list