[Snort-users] Tagging and Acid
andreas at ...1574...
Tue May 21 11:53:04 EDT 2002
I've been using tagging and noticed that Acid can't figure out
the signature name of the tagged packets.
For example, the /etc/passwd rule has a tag to count two packets
in the session. This generates three alerts, but Acid only sees
the first one as "web-misc /etc/passwd", the other two get the
"(123)Unknown Sig Name" name, probably because snort doesn't
supply the signature name for tagged packets.
Any workaround for that? This with snort-1.8.6 and acid-0.9.6b21.
More information about the Snort-users