Snort mailing list archives
Re: 2 bugs in ACID v0.9.6b17
From: roman () danyliw com
Date: Thu, 1 Nov 2001 17:11:33 US/Eastern
Erik,

[snip]
> On the main screen, click on the percentage of total traffic link for portscans. After the first page of portscan data is displayed, click on the "Unique addresses: source" link in the "Summary Statistics" box. Although all my portscans are identified with source IP addresses, clicking on this link shows that all addresses are unknown. I would have expected a summary breakdown of all the unique IP addresses that portscanned me.

This is not a bug. The IP addresses associated with portscans are not actually stored in the database. The fact that you see source addresses in the alert listing page is misleading, since this is achieved with "text mangling" of the signature. If you have a copy of the portscan.log, you can set it in $portscan_file of acid_conf.php and view what portscans a particular IP generated. However, getting a list of unique addresses which generated portscans is currently not possible.

> The second bug relates to a link that points to the ports database:
[snip]
> payload. In the TCP section, click on either the source or destination port link. These currently point to http://www.snort.org whereas I believe they should be pointing to http://www.portsdb.org/. The $external_port_link variable defined in my acid_conf.php file is set to

This was fixed in CVS earlier this week.

Roman