[Snort-users] Tagging and Acid

Andreas Hasenack andreas at ...1574...
Tue May 21 11:53:04 EDT 2002


I've been using tagging and noticed that Acid can't figure out
the signature name of the tagged packets.

For example, the /etc/passwd rule has a tag to count two packets
in the session. This generates three alerts, but Acid only sees
the first one as "web-misc /etc/passwd", the other two get the
"(123)Unknown Sig Name" name, probably because snort doesn't
supply the signature name for tagged packets.

Any workaround for that? This with snort-1.8.6 and acid-0.9.6b21.





More information about the Snort-users mailing list