[Snort-users] Is ACID Dead?

Bamm Visscher bamm at ...539...
Thu Jan 15 14:03:06 EST 2004


I forgot to CC the list when I replied to John (sorry).

You can still use the 'old' portscan preprocessor. Even though it's not anywhere in the default snort.conf w/2.1, its still in the source and seems to work fine for me (although I don't use ACID).
                                                                                                                                              
Bammkkkk
--
http://sguil.sf.net

On Thu, Jan 15, 2004 at 04:44:41PM -0500, Owen McCusker wrote:
> John,
> 
> I also noted that the current ACID version isn't integrated with the
> latest portscan plugin. I am currently looking under the hood to see 
> if anything
> can be done. ACID is a great tool and I expect to be using it for a while.
> 
> Owen
> 
> >Scott,
> >	Yes, I agree. The question was as to whether further updates 
> >of ACID to keep pace with changes in snort will be forthcoming. This 
> >is an immediate issue mainly because of the new portscan plugin 
> >problem that I mentioned.
> >		John
> >
> >-----Original Message-----
> >From: Scott Skrogstad [mailto:scott at ...10981...]
> >Sent: Thursday, January 15, 2004 3:21 PM
> >To: McCash, John; snort-users at lists.sourceforge.net
> >Subject: Re: [Snort-users] Is ACID Dead?
> >
> >
> >John we use ACID and it still works great.  Been using it
> >for about a year and it still does everything that we need.
> >
> >Scott
> >
> >----------------------Original message-------------------
> >Hi Everyone,
> >	I've used snort and ACID off and on at several
> >positions over the last thr=
> >ee years, and have just noticed that ACID doesn't seem to
> >have been updated=
> > since early last year. This is especially troubling in
> >view of the fact th=
> >at it's the nicest GUI front-end for snort that I've seen,
> >and that since t=
> >he portscan plug-in was updated in snort 2.1.0, the
> >portscan display featur=
> >es of ACID no longer work as well. I know that if you set
> >the output-mode t=
> >o pktknudge, it at least displays the portscans, but
> >that's not a very nice=
> > workaround. I dropped Roman a note in email on 1/9/04,
> >and haven't heard b=
> >ack from him. Does anyone know what the development status
> >of ACID is? If, =
> >in fact, it's dead, can anyone recommend something with
> >similar functionali=
> >ty to replace it?
> >		Thanks lots in advance
> >			John
> >-----------------------------------------------------------
> >----------------=
> >---------------------
> >This message is for the designated recipient only and may
> >contain privileged, proprietary, or otherwise private
> >information. =20
> >If you have received it in error, please notify the sender
> >immediately and delete the original.  Any unauthorized use
> >of
> >this email is prohibited.
> >-----------------------------------------------------------
> >----------------=
> >---------------------
> >[mf2]
> >
> >
> >-------------------------------------------------------
> >The SF.Net email is sponsored by EclipseCon 2004
> >Premiere Conference on Open Tools Development and
> >Integration
> >See the breadth of Eclipse activity. February 3-5 in
> >Anaheim, CA.
> >http://www.eclipsecon.org/osdn
> >_______________________________________________
> >Snort-users mailing list
> >Snort-users at lists.sourceforge.net
> >Go to this URL to change user options or unsubscribe:
> >https://lists.sourceforge.net/lists/listinfo/snort-users
> >Snort-users list archive:
> >http://www.geocrawler.com/redir-sf.php3?list=snort-users
> >
> >
> >
> >
> >------------------------------------------------------------------------------------------------
> >This message is for the designated recipient only and may
> >contain privileged, proprietary, or otherwise private information. 
> >If you have received it in error, please notify the sender
> >immediately and delete the original.  Any unauthorized use of
> >this email is prohibited.
> >------------------------------------------------------------------------------------------------
> >[mf2]
> >
> >
> >-------------------------------------------------------
> >The SF.Net email is sponsored by EclipseCon 2004
> >Premiere Conference on Open Tools Development and Integration
> >See the breadth of Eclipse activity. February 3-5 in Anaheim, CA.
> >http://www.eclipsecon.org/osdn
> >_______________________________________________
> >Snort-users mailing list
> >Snort-users at lists.sourceforge.net
> >Go to this URL to change user options or unsubscribe:
> >https://lists.sourceforge.net/lists/listinfo/snort-users
> >Snort-users list archive:
> >http://www.geocrawler.com/redir-sf.php3?list
> 
> 
> 
> -------------------------------------------------------
> The SF.Net email is sponsored by EclipseCon 2004
> Premiere Conference on Open Tools Development and Integration
> See the breadth of Eclipse activity. February 3-5 in Anaheim, CA.
> http://www.eclipsecon.org/osdn
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users




More information about the Snort-users mailing list