[Snort-users] Incorrect payload on acid alerts

snortman at ...8908... snortman at ...8908...
Tue Nov 9 05:47:00 EST 2004


I have a snort version 2.1.0 installed a few month now and it worked fine.

Alerts output is to mysql and acid.

Recently I added a Microsoft sms server which createstons of alerts

For example : WEB-MISC http directory traversal 

The problem is when I look at the payload I can see the beginning of the
payload which was actually sent to the sms server and the rest completely
different sessions (parts of email messages , part of telnet sessions) the
alert is generated by the wrong part of the payload.

Can anyone help me ?

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20041109/253da2d1/attachment.html>


More information about the Snort-users mailing list