Snort mailing list archives

RE: ACID errors

From: "Karen Marino" <kmarino () returncentral com>
Date: Tue, 25 Sep 2001 16:33:11 -0400



I have also noticed this problem.  I'm interested in a solution as well.

Thanks,
Karen


-----Original Message-----
From: pbsarnac () ThoughtWorks com [mailto:pbsarnac () ThoughtWorks com] 
Sent: Tuesday, September 25, 2001 3:01 PM
To: snort-users () lists sourceforge net
Subject: [Snort-users] ACID errors

I'm getting the following error in ACID whenever I pull up any Unique
Alerts or Most Recent Alerts or Frequent Alerts lists:

Database ERROR:You have an error in your SQL syntax near '' at line 1

By poking around in mysql, I've traced it to one of two signatures that
we
started seeing alerts on this morning. Whenever I do a search in ACID
for
readme.eml, I get the error, although searches for other signatures
(such
as "roughly ICMP") are fine. I'm not at all a SQL or php guy, so I'm
stumped. Where do I troubleshoot from here?

Snort Version 1.8.1-RELEASE (Build 74)
ACID v0.9.6b1

These are the signatures (from the snort.sourcefire.com ruleset):
web-misc.rules:alert tcp $EXTERNAL_NET 80 -> $HOME_NET any
(msg:"WEB-MISC
readme.eml autoload attempt"; flags:A+; content:"window.open
(\"readme.eml\""; nocase; classtype:attempted-user; sid:1290; rev:3;
reference:url,www.cert.org/advisories/CA-2001-26.html;)
web-misc.rules:alert tcp $EXTERNAL_NET 80 -> $HOME_NET any
(msg:"WEB-MISC
readme.eml attempt"; flags:A+; uricontent:"readme.eml"; nocase;
classtype:attempted-user; sid:1284; rev:3;
reference:url,www.cert.org/advisories/CA-2001-26.html;)

Any help is greatly appreciated!

Thanks,
pat s.


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

acid errors Steve Moran (Jul 16)
- RES: acid errors marcus (Jul 16)
- <Possible follow-ups>
- RE: acid errors Steve Moran (Jul 16)
- Re: acid errors rdanyliw (Jul 16)
- acid errors Steve Moran (Aug 27)
  - General snort problem V. (Aug 27)
- RE: acid errors Steve Halligan (Aug 27)
- RE: acid errors Steve Moran (Aug 27)
- RE: acid errors roman (Aug 27)
- ACID errors pbsarnac (Sep 25)
- RE: ACID errors Karen Marino (Sep 25)
- RE: ACID errors Steve Halligan (Sep 25)
- RE: ACID errors pbsarnac (Sep 25)
- RE: ACID errors pbsarnac (Sep 25)
- RE: ACID errors pbsarnac (Sep 25)
- Re: ACID errors frank . bussink (Sep 26)
  - Re: ACID errors Mark Rowlands (Sep 26)
- Re: ACID errors pbsarnac (Sep 26)
- Re: ACID errors roman (Sep 26)