Snort mailing list archives

Previous By Date Next
Previous By Thread Next

ACID- Adding in link to incidents.org dshield

From: "Michael Scheidell" <scheidell () fdma com>
Date: Thu, 8 Nov 2001 15:36:55 -0500
Some times I want to know if the ip address atttacking me is part of a
skiddy worm/trojan port scan or if they are hitting me directly.

This patch to acid_conf and acid_stat_ipaddr.php adds the ability to click
on the link and find out if you are alone:
(this is against acid b18 as of yesterdays cvs)

add this SOMEWHERE in acid_conf:
/* Link to external DNIDS database */
$external_dnids_link = "http://www.dshield.org/ipinfo.php?ip=;

----- patch acid_stat_ipaddr.php
--- ./acid_stat_ipaddr.php.orig Tue Sep 25 11:32:03 2001
+++ ./acid_stat_ipaddr.php      Thu Nov  8 14:58:42 2001
@@ -231,6 +231,7 @@
  echo '<FONT>External: '.
       '<A HREF="'.$external_dns_link.$ip.'">DNS</A> | '.
       '<A HREF="'.$external_whois_link.$ip.'">whois</A> | '.
+      '<A HREF="'.$external_dnids_link.$ip.'">Dnids</A> | '.
       '<A HREF="'.$external_all_link.$ip.'">SamSpade</A><BR>';
 ?>
  <P>

---
Michael Scheidell
Florida Datamation, Inc.



_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: