Snort mailing list archives
Re: Acid 0.9.6b6 Reference Links
From: "Brad T." <bthaler () webstream net>
Date: Fri, 20 Jul 2001 16:01:19 -0400
OK. I've upgraded to 0.9.6b9 and still no hyperlinks. Additionally, now I get this PHP error on the header:

Warning: open(/tmp\sess_5036f68ba761e2c5c61446f724c67d70, O_RDWR) failed: m (2) in C:\snort\html\acid9\acid_common.php on line 125

And these PHP errors in the footer:

Warning: open(/tmp\sess_5036f68ba761e2c5c61446f724c67d70, O_RDWR) failed: m (2) in Unknown on line 0
Warning: Failed to write session data (files). Please verify that the current setting of session.save_path is correct (/tmp) in Unknown on line 0

Thanks,
Brad T.

----- Original Message -----
From: <roman () danyliw com>
To: "Brad T." <bthaler () webstream net>
Cc: <snort-users () lists sourceforge net>
Sent: Friday, July 20, 2001 11:48 AM
Subject: Re: [Snort-users] Acid 0.9.6b6 Reference Links
> From my rules file "...(msg:"MISC Large ICMP Packet"; dsize: >800;reference:arachnids,246;)". So I should be seeing hyperlinks, right?

Indeed you should see hyperlinks. Update to ACID v0.9.6b9+

Roman

----- Original Message -----
From: <rdanyliw () voicenet com>
To: "Brad T." <bthaler () webstream net>
Cc: <snort-users () lists sourceforge net>
Sent: Friday, July 20, 2001 10:35 AM
Subject: Re: [Snort-users] Acid 0.9.6b6 Reference Links

> For example, when snort detects a "Large ICMP Packet", and puts it into the database, Acid shows "MISC Large ICMP Packet" in the "signature" field of its output. Shouldn't this be a hyperlink to the corresponding entry in the arachnids database?

Examine the specific rule "Large ICMP Packet" in the Snort rules file, do you see a corresponding "reference: arachnids, 123"? (the number is unimportant). I checked the default Snort-1.7 rule set and this particular rule did not come with a reference. Hence ACID cannot provide a link for it.

If you do have a reference tag though, then this confirms that ACID is broken, which if memory serves, there was a bug in reference support at some point in the past. I recommend upgrading to a minimum of b9 to fix this issue.

Roman

----- Original Message -----
From: <roman () danyliw com>
To: "Brad T." <bthaler () webstream net>
Cc: <snort-users () lists sourceforge net>
Sent: Friday, July 20, 2001 10:03 AM
Subject: Re: [Snort-users] Acid 0.9.6b6 Reference Links

> I can't figure out why I'm not able to use the whitehats.com reference hyperlinks that acid is supposed to generate. I'm no PHP programmer by any means, but I can see the code that is supposed to do this in acid_common.php (lines 379-391 and 414-418).

Do your signatures look like "IDS/100 foo"?

> BTW, I've tried acid-0.9.6b12 and got a bunch of PHP errors, so I went back to b6 for now.

What were these errors?

Roman

---------------------------------------------
This message was sent using Voicenet WebMail.
http://www.voicenet.com/webmail/

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
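The check discussed in this thread (a signature only gets a hyperlink when its rule carries a reference tag for a known reference system) can be run over a rules file before blaming the console. The Python below is an added example, not code from ACID, Snort or the posters; the URL prefixes, the function names and the rule headers in the sample rules are assumptions.

```python
# Added example. URL prefixes are assumptions in the style of Snort's reference.config.
REFERENCE_URLS = {
    "arachnids": "http://www.whitehats.com/info/IDS",
    "bugtraq": "http://www.securityfocus.com/bid/",
}

def split_options(rule):
    """Return the options inside (...) split on ';', ignoring ';' inside quotes."""
    start, end = rule.find("("), rule.rfind(")")
    if start < 0 or end < start:
        return []
    opts, buf, in_quote, escaped = [], [], False, False
    for ch in rule[start + 1:end]:
        if ch == ";" and not in_quote and not escaped:
            opts.append("".join(buf).strip())
            buf = []
            continue
        if ch == '"' and not escaped:
            in_quote = not in_quote
        escaped = (ch == "\\") and not escaped
        buf.append(ch)
    opts.append("".join(buf).strip())
    return [o for o in opts if o]

def rule_links(rule):
    """Return (msg, [reference URLs]) for one rule; unknown systems yield no link."""
    msg, links = None, []
    for opt in split_options(rule):
        key, _, val = opt.partition(":")
        key, val = key.strip().lower(), val.strip()
        if key == "msg":
            msg = val.strip('"')
        elif key == "reference":
            system, _, ref_id = (p.strip() for p in val.partition(","))
            prefix = REFERENCE_URLS.get(system.lower())
            if prefix and ref_id:
                links.append(prefix + ref_id)
    return msg, links

def unlinked(rules):
    """Messages of rules that would show as plain text (no usable reference tag)."""
    return [msg for msg, links in map(rule_links, rules) if not links]

# Constructed sample rules; the first uses the option string quoted in the thread.
SAMPLE_RULES = [
    'alert icmp any any -> any any (msg:"MISC Large ICMP Packet"; dsize: >800;reference:arachnids,246;)',
    'alert icmp any any -> any any (msg:"MISC Large ICMP Packet"; dsize: >800;)',
    'alert tcp any any -> any 80 (msg:"WEB test; with semicolon"; content:"a\\;b"; reference:bugtraq,1234;)',
]
```

Calling `unlinked(SAMPLE_RULES)` returns the messages of rules that have no reference tag to link from; if a rule is absent from that list and the console still shows plain text, the fault is on the console side.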
Current thread:
- Acid 0.9.6b6 Reference Links Brad T. (Jul 20)
- <Possible follow-ups>
- Re: Acid 0.9.6b6 Reference Links roman (Jul 20)
- Re: Acid 0.9.6b6 Reference Links Brad T. (Jul 20)
- Re: Acid 0.9.6b6 Reference Links rdanyliw (Jul 20)
- Re: Acid 0.9.6b6 Reference Links Brad T. (Jul 20)
- Re: Acid 0.9.6b6 Reference Links roman (Jul 20)
- Re: Acid 0.9.6b6 Reference Links Brad T. (Jul 20)
- Re: Acid 0.9.6b6 Reference Links roman (Jul 23)
- Re: Acid 0.9.6b6 Reference Links Brad T. (Jul 23)
- Re: Acid 0.9.6b6 Reference Links Brad T. (Jul 23)
- Re: Acid 0.9.6b6 Reference Links roman (Jul 24)
- Re: Acid 0.9.6b6 Reference Links roman (Jul 24)