[Snort-users] Snort SIDs changed?
bmc at ...950...
Mon Aug 23 07:58:21 EDT 2004
On Fri, Aug 13, 2004 at 05:14:38PM -0600, Sean Brown wrote:
> Have the SIDs on Snorts website changed? I have SID 108 logged as
> '(snort_decoder) Unknown Datagram decoding problem!' Yet clicking on
> the link to the description of that sid in acid it points to
> http://www.snort.org/snort-db/sid.html?sid=108 which obviously is
> sid 108 but there the message listed is 'BACKDOOR QAZ Worm Client
> Login access'
The alert you are looking '(snort_decoder) Unknown Datagram decoding
problem!' is gen 116, sid 108.
The rule documentation at
http://www.snort.org/snort-db/sid.html?sid=108 is for gen 1, sid 108.
Hopefully preprocessor events will have documentation for them soon.
(We are working on it now.)
More information about the Snort-users