[Snort-users] Stopping repeats in Snort/Acid

Wynn Fenwick wfenwick at ...2714...
Mon Jan 7 15:27:02 EST 2002


This is kludgey but avoids .htaccess and SSL.

We use SSH into the management console running Apache, then ssh forward
port localhost:80 to the remote machine.

A local /etc/hosts entry for 127.0.0.1 may be required if the web server
redirects to a fully qualified domain name, which will force the browser
to use the real address rather than the tunnel. Make sure the web server
only listens to localhost and voila you have some access control on the
ACID console...

W

snort-users-request at lists.sourceforge.net wrote:

> Subject: Re: [Snort-users] Stopping repeats in Snort/Acid
> Date: Mon, 7 Jan 2002 03:34:24 +0000 (GMT)
> From: Mike Coles <bluelip at ...4476...>
> To: "Madziarczyk, Jonathan" <than at ...3657...>
>
> C: "'snort-users at lists.sourceforge.net'" <snort-users at lists.sourceforge.net>
>
> > My question is this, I'm starting to get listings of people with "Kick-A$$
> > P0rn" (this appears to be coming through from people getting html spam
> > mail...among other things ;-)  When I look at ACID to get details on "K-A-P"
> > I get more alerts from my machine to the ACID box.  How do I keep these from
> > popping up?  By simply investigating 6 alerts in Acid, I can generate
> > hundreds of additional alerts.  What's my solution?
>
>
>         My solution is more of a kludge, but I ssh into the demarc/acid
> box, export the display back to my own computer and run netscape. Netscape
> will get the demarc/acid page from localhost and not eth? and then
> send the display over to your own computer.
>
> Mike Coles
>
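
The tunnel setup described in this message, together with a check that the web server really is bound to loopback only, as an added example that is not part of the original post. The host name, user, local port 8080, the /acid/ path and the function name check_listen_loopback are assumptions; the check assumes the bind address is set with Apache `Listen` directives in the file it is given.

```shell
#!/bin/sh
# Added example, not from the original post. Names below are placeholders.
#
# 1. On the console, bind Apache to loopback only (httpd.conf):
#        Listen 127.0.0.1:80
# 2. From the analyst workstation, forward a local port over SSH:
#        ssh -N -L 8080:127.0.0.1:80 analyst@acid-console.example
# 3. Browse to http://localhost:8080/acid/ (path is an assumption). The
#    requests now reach Apache over loopback on the console, inside the
#    encrypted SSH session, instead of as cleartext HTTP on the monitored wire.

# check_listen_loopback FILE
# Prints each Listen directive in FILE that is not bound to a loopback
# address. Returns 0 only if at least one Listen directive exists and all
# of them are loopback-only; returns 1 otherwise.
check_listen_loopback() {
    awk '
        { sub(/#.*/, "") }                      # drop comment text
        tolower($1) == "listen" {
            seen = 1
            addr = tolower($2)
            if (addr ~ /^127\.[0-9]+\.[0-9]+\.[0-9]+:[0-9]+$/) next
            if (addr ~ /^\[::1\]:[0-9]+$/) next
            if (addr ~ /^localhost:[0-9]+$/) next
            # Bare port or wildcard/routable address: reachable off-box.
            printf "exposed: %s %s\n", $1, $2
            bad = 1
        }
        END {
            if (!seen) print "no Listen directive found"
            exit ((bad || !seen) ? 1 : 0)
        }
    ' "$1"
}

# Constructed sample config, for demonstration only.
sample=$(mktemp)
printf '%s\n' '# constructed sample' 'Listen 127.0.0.1:80' 'Listen 443' > "$sample"
check_listen_loopback "$sample" ||
    echo "Apache is reachable without the tunnel; fix the directives above"
rm -f "$sample"
```

Run the function against every configuration file that can carry a `Listen` line, since one stray `Listen 80` in an included file re-exposes the console.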