[Snort-users] UDP Alerts
fcreid at ...691...
Sun Jan 13 05:37:05 EST 2002
I suspected there was a differing definition for "authentication" being used
during the discussion!

On an unrelated note, is anyone (everyone) seeing streaming media sources
(Akamai, RealMedia, AOL and others) trigger the "BAD-TRAFFIC udp port 0"
alert? I have to disable that alert manually on each update as a result.
Is there ever a case where one must watch this traffic for surreptitious
From: Saad Kadhi [mailto:bsdguy at ...4401...]
Sent: Sunday, January 13, 2002 8:18 AM
To: Frank Reid
Cc: Snort Users; kamesh_rajaram at ...4543...
Subject: RE: [Snort-users] Patch for ACID....!!
On Sun, 2002-01-13 at 14:01, Frank Reid wrote:
> It could be a useful feature to have both an "anonymous" and
> (authenticated) mode on ACID. The anonymous user would be allowed to
> search/display alerts, graph data, etc., but not delete, archive, etc. In
> fact, it would be great to support granular accounts in both ACID and
> Demarc, probably associated with specified database criteria such as the
> alert type, address space, etc. So, if "User X" is associated with
> 188.8.131.52/24 and has non-administrative permissions (no delete), "User X" is
> only able to query within those bounds after authenticating. "User Y" is
> website administrator, so he only has non-administrative permissions for
> 184.108.40.206/32 and only for alerts WEB-IIS, WEB-MISC, etc.
Now I got the picture. I thought it was just a need to authenticate
access to the acid subdir. My sincere apologies to kamesh for such a
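
The scoped-account model proposed in the quoted message (an account tied to an address space and alert types, without delete or archive rights), sketched as an added example; it is not code from the thread, ACID or Demarc. The account fields, action names, addresses and sample alerts are constructed assumptions, and authentication is assumed to have already happened.

```python
# Added illustration; account fields, action names and sample alerts are constructed.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Account:
    name: str
    networks: tuple            # CIDR strings the account may query
    sig_prefixes: tuple = ()   # empty tuple = any alert type
    admin: bool = False        # delete/archive allowed only when True

READ_ACTIONS = {"search", "display", "graph"}
ADMIN_ACTIONS = {"delete", "archive"}

def in_scope(acct, alert):
    """True if the alert touches the account's address space and alert types."""
    nets = [ip_network(n) for n in acct.networks]
    addr_ok = any(ip_address(alert[k]) in n for k in ("src", "dst") for n in nets)
    sig_ok = not acct.sig_prefixes or alert["sig"].startswith(acct.sig_prefixes)
    return addr_ok and sig_ok

def authorize(acct, action, alert):
    """Deny by default: unknown actions and out-of-scope alerts are refused."""
    if action in ADMIN_ACTIONS:
        return acct.admin and in_scope(acct, alert)
    if action in READ_ACTIONS:
        return in_scope(acct, alert)
    return False

def visible(acct, alerts):
    """Filter a result set on the server before it is rendered."""
    return [a for a in alerts if authorize(acct, "display", a)]

# Constructed accounts and alerts (documentation address ranges).
USER_X = Account("User X", ("192.0.2.0/24",))
USER_Y = Account("User Y", ("198.51.100.10/32",), ("WEB-IIS", "WEB-MISC"))
ALERTS = [
    {"sig": "WEB-IIS cmd.exe access", "src": "203.0.113.7", "dst": "198.51.100.10"},
    {"sig": "BAD-TRAFFIC udp port 0", "src": "203.0.113.9", "dst": "192.0.2.44"},
    {"sig": "SCAN nmap TCP", "src": "203.0.113.9", "dst": "198.51.100.10"},
]

if __name__ == "__main__":
    for acct in (USER_X, USER_Y):
        print(acct.name, [a["sig"] for a in visible(acct, ALERTS)])
```

The scope check has to run in the query layer for every action, not only when the page is drawn, so that a crafted request cannot reach alerts outside the account's bounds.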