Snort mailing list archives
UDP Alerts
From: "Frank Reid" <fcreid () ourcorner org>
Date: Sun, 13 Jan 2002 08:34:28 -0500
I suspected there was a differing definition for "authentication" being used during the discussion! On an unrelated note, is anyone (everyone) seeing streaming media sources (Akamai, RealMedia, AOL and others) trigger the "BAD-TRAFFIC udp port 0" alert? I have to disable that alert manually on each update as a result. Is there ever a case where one must watch this traffic for surreptitious activity? Frank -----Original Message----- From: Saad Kadhi [mailto:bsdguy () docisland org] Sent: Sunday, January 13, 2002 8:18 AM To: Frank Reid Cc: Snort Users; kamesh_rajaram () sify com Subject: RE: [Snort-users] Patch for ACID....!! On Sun, 2002-01-13 at 14:01, Frank Reid wrote:
It could be a useful feature to have both an "anonymous" and
"administrator"
(authenticated) mode on ACID. The anonymous user would be allowed to search/display alerts, graph data, etc., but not delete, archive, etc. In fact, it would be great to support granular accounts in both ACID and Demarc, probably associated with specified database criteria such as the alert type, address space, etc. So, if "User X" is associated with
address
1.2.3.0/24 and has non-administrative permissions (no delete), "User X" is only able to query within those bounds after authenticating. "User Y" is
a
website administrator, so he only has non-administrative permissions for 1.2.3.4/32 and only for alerts WEB-IIS, WEB-MISC, etc.
Now I got the picture. I thought it was just a need to authenticate access to the acid subdir. My sincere apologies to kamesh for such a misunderstanding. Regards. _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Patch for ACID....!! kamesh_rajaram (Jan 12)
- Re: Patch for ACID....!! Saad Kadhi (Jan 12)
- RE: Patch for ACID....!! Frank Reid (Jan 13)
- RE: Patch for ACID....!! Saad Kadhi (Jan 13)
- UDP Alerts Frank Reid (Jan 13)
- Re: UDP Alerts Matt Kettler (Jan 14)
- RE: Patch for ACID....!! Frank Reid (Jan 13)
- Re: Patch for ACID....!! Saad Kadhi (Jan 12)