[Snort-users] BASE SID Lookup
Bruce.Briggs at ...13183...
Wed Apr 6 09:58:32 EDT 2005
Yes, annoying isn't it.
Enter 119:4 to get the correct display.
You can find http_inspect: BARE BYTE UNICODE ENCODING in
That tells you that the snort general alert and tag is 119 & 4
Then you can read a description in 119-4.txt in Snort\doc\signatures
or enter SID 119:4 on the Snort site.
From: snort-users-admin at lists.sourceforge.net
[mailto:snort-users-admin at lists.sourceforge.net] On Behalf Of Dominic
Sent: Wednesday, April 06, 2005 10:44 AM
To: snort-users at lists.sourceforge.net
Subject: [Snort-users] BASE SID Lookup
I have recently started using BASE1.1 for snort. I am having a problem
looking up the signature database from the snort webpage - I get "Sorry,
no such sid-gen" for a lot of the events logged (eg: BARE BYTE UNICODE
ENCODING which is SID=4) when I reference the snort site.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Snort-users